怎么办啊！重装系统都没用啊这木马太恶心了！！ bbs.ikaka.com

667772626 - 2009-1-29 17:52:00

这是那个日志
[CODE]

2009-01-29,17:50:52

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
计划任务
API HOOK
隐藏进程

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe> [(Infected) Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<amd_dc_opt><; C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe> [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><kpiohgkl.dll,klaginpl.dll,mpmiipbk.dll,jbfadhjj.dll,cfmfnglf.dll,fcgkblai.dll,nabdnafi.dll,aahpjnnm.dll,,flobkcei.dll,pjhlifcj.dll,fiekoaom.dll,flflbjlj.dll,anmhnjnd.dll> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
<{F5F5B353-8A98-44B4-9CB9-0E51F2387358}><C:\WINDOWS\system32\flflbjlj.dll> []
<{7ABD7AF2-C737-4FD5-9AB1-E5A4AF4261CE}><C:\WINDOWS\system32\nabdnafi.dll> []
<{93152FC3-5705-45EA-B9BC-00E0C1926A4C}><C:\WINDOWS\system32\pjhlifcj.dll> []
<{FC04B5A2-053E-49A3-A33C-101365579298}><C:\WINDOWS\system32\fcgkblai.dll> []
<{F2E48A86-ABB8-43CB-8CB8-BB729B1782C1}><C:\WINDOWS\system32\fiekoaom.dll> []
<{CF6F705F-C856-4FB8-B07F-13335EC1BB6C}><C:\WINDOWS\system32\cfmfnglf.dll> []
<{3BFAD133-DE4A-4160-B475-38643C5E4DEE}><C:\WINDOWS\system32\jbfadhjj.dll> []
<{696229B4-758E-4830-BDF7-98BAE81948F3}><C:\WINDOWS\system32\mpmiipbk.dll> []
<{45A02795-EBD0-416D-96E1-10FEADF8E97E}><C:\WINDOWS\system32\klaginpl.dll> []
<{49281045-AED2-4C7D-89CA-4BE3E2AD68DA}><C:\WINDOWS\system32\kpiohgkl.dll> []
<{A761737D-2F13-4504-9133-F08F7F22D0A4}><C:\WINDOWS\system32\anmhnjnd.dll> []
<{AA193776-4AD2-4CBC-A61C-1C43F06849EC}><C:\WINDOWS\system32\aahpjnnm.dll> []
<{F58B4CE2-E0C3-4237-B423-AAF5E54321DE}><C:\WINDOWS\system32\flobkcei.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<F5F5B353><C:\WINDOWS\system32\flflbjlj.dll> []
<93152FC3><C:\WINDOWS\system32\pjhlifcj.dll> []
<F2E48A86><C:\WINDOWS\system32\fiekoaom.dll> []
<CF6F705F><C:\WINDOWS\system32\cfmfnglf.dll> []
<7ABD7AF2><C:\WINDOWS\system32\nabdnafi.dll> []
<45A02795><C:\WINDOWS\system32\klaginpl.dll> []
<696229B4><C:\WINDOWS\system32\mpmiipbk.dll> []
<3BFAD133><C:\WINDOWS\system32\jbfadhjj.dll> []
<F58B4CE2><C:\WINDOWS\system32\flobkcei.dll> []
<AA193776><C:\WINDOWS\system32\aahpjnnm.dll> []
<49281045><C:\WINDOWS\system32\kpiohgkl.dll> []
<FC04B5A2><C:\WINDOWS\system32\fcgkblai.dll> []
<A761737D><C:\WINDOWS\system32\anmhnjnd.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
<WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Component Publisher]

==================================
启动文件夹
N/A

==================================
服务
[Contrl Center of Storm Media / ccosm][Stopped/Disabled]
<C:\Program Files\StormII\stormliv.exe /asservice><(File is missing)>
[HID Input Service / HidServ][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>

==================================
驱动程序
[360procmon / 360procmon][Running/Manual Start]
<\??\D:\Program Files\360\360Safe\safemon\360procmon.sys><>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[AmdK8 Compatible Device / AmdK8][Stopped/Manual Start]
<System32\drivers\amdk8.sys><Advanced Micro Devices>
[AMD Low Level Device Driver / AmdLLD][Running/Manual Start]
<system32\DRIVERS\AmdLLD.sys><AMD, Inc.>
[Dritek Keyboard Filter Driver / DKbFltr][Running/Manual Start]
<system32\DRIVERS\DKbFltr.sys><Dritek System Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[msiffei / msiffei][Stopped/Manual Start]
<System32\Drivers\msiffei.sys><N/A>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start]
<system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
<\??\C:\WINDOWS\system32\Drivers\safeboxkrnl.sys><360安全中心>
[Safe Mon 360 / SafeMon0][Running/System Start]
<\??\C:\WINDOWS\system32\CDC7F049.dat><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[242531 / 242531][Stopped/Manual Start]
<2 - 系统找不到指定的文件。
><N/A>

==================================
浏览器加载项
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Create Mobile Favorite]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <d:\PROGRA~1\MICROS~1\INetRepl.dll, (Signed) Microsoft Corporation>
[Create Mobile Favorite]
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <d:\PROGRA~1\MICROS~1\INetRepl.dll, (Signed) Microsoft Corporation>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <, >
[]
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <, >
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
{6A8D34D7-08D7-421F-AFF6-956A0BD6F0BF} <C:\Program Files\Internet Explorer\PowerNeNt.Onz, N/A>
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\Program Files\360\360Safe\live.dll, (Signed) 360.cn>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[]
{E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[使用迅雷下载]
<C:\Program Files\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
<C:\Program Files\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 664 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 720 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 744 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\aahpjnnm.dll] [N/A, ]
[C:\WINDOWS\system32\nabdnafi.dll] [N/A, ]
[C:\WINDOWS\system32\fcgkblai.dll] [N/A, ]
[C:\WINDOWS\system32\anmhnjnd.dll] [N/A, ]
[C:\WINDOWS\system32\flflbjlj.dll] [N/A, ]
[C:\WINDOWS\system32\fiekoaom.dll] [N/A, ]
[C:\WINDOWS\system32\pjhlifcj.dll] [N/A, ]
[C:\WINDOWS\system32\flobkcei.dll] [N/A, ]
[C:\WINDOWS\system32\cfmfnglf.dll] [N/A, ]
[C:\WINDOWS\system32\jbfadhjj.dll] [N/A, ]
[C:\WINDOWS\system32\mpmiipbk.dll] [N/A, ]
[C:\WINDOWS\system32\klaginpl.dll] [N/A, ]
[C:\WINDOWS\system32\kpiohgkl.dll] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 788 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\aahpjnnm.dll] [N/A, ]
[C:\WINDOWS\system32\nabdnafi.dll] [N/A, ]
[C:\WINDOWS\system32\fcgkblai.dll] [N/A, ]
[C:\WINDOWS\system32\anmhnjnd.dll] [N/A, ]
[C:\WINDOWS\system32\flflbjlj.dll] [N/A, ]
[C:\WINDOWS\system32\fiekoaom.dll] [N/A, ]
[C:\WINDOWS\system32\pjhlifcj.dll] [N/A, ]
[C:\WINDOWS\system32\flobkcei.dll] [N/A, ]
[C:\WINDOWS\system32\cfmfnglf.dll] [N/A, ]
[C:\WINDOWS\system32\jbfadhjj.dll] [N/A, ]
[C:\WINDOWS\system32\mpmiipbk.dll] [N/A, ]
[C:\WINDOWS\system32\klaginpl.dll] [N/A, ]
[C:\WINDOWS\system32\kpiohgkl.dll] [N/A, ]
[PID: 800 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\aahpjnnm.dll] [N/A, ]
[C:\WINDOWS\system32\nabdnafi.dll] [N/A, ]
[C:\WINDOWS\system32\fcgkblai.dll] [N/A, ]
[C:\WINDOWS\system32\anmhnjnd.dll] [N/A, ]
[C:\WINDOWS\system32\flflbjlj.dll] [N/A, ]
[C:\WINDOWS\system32\fiekoaom.dll] [N/A, ]
[C:\WINDOWS\system32\pjhlifcj.dll] [N/A, ]
[C:\WINDOWS\system32\flobkcei.dll] [N/A, ]
[C:\WINDOWS\system32\cfmfnglf.dll] [N/A, ]
[C:\WINDOWS\system32\jbfadhjj.dll] [N/A, ]
[C:\WINDOWS\system32\mpmiipbk.dll] [N/A, ]
[C:\WINDOWS\system32\klaginpl.dll] [N/A, ]
[C:\WINDOWS\system32\kpiohgkl.dll] [N/A, ]
[PID: 948 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\aahpjnnm.dll] [N/A, ]
[C:\WINDOWS\system32\nabdnafi.dll] [N/A, ]
[C:\WINDOWS\system32\fcgkblai.dll] [N/A, ]
[C:\WINDOWS\system32\anmhnjnd.dll] [N/A, ]
[C:\WINDOWS\system32\flflbjlj.dll] [N/A, ]
[C:\WINDOWS\system32\fiekoaom.dll] [N/A, ]
[C:\WINDOWS\system32\pjhlifcj.dll] [N/A, ]
[C:\WINDOWS\system32\flobkcei.dll] [N/A, ]
[C:\WINDOWS\system32\cfmfnglf.dll] [N/A, ]
[C:\WINDOWS\system32\jbfadhjj.dll] [N/A, ]
[C:\WINDOWS\system32\mpmiipbk.dll] [N/A, ]
[C:\WINDOWS\system32\klaginpl.dll] [N/A, ]
[C:\WINDOWS\system32\kpiohgkl.dll] [N/A, ]
[PID: 1028 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\aahpjnnm.dll] [N/A, ]
[C:\WINDOWS\system32\nabdnafi.dll] [N/A, ]
[C:\WINDOWS\system32\fcgkblai.dll] [N/A, ]
[C:\WINDOWS\system32\anmhnjnd.dll] [N/A, ]
[C:\WINDOWS\system32\flflbjlj.dll] [N/A, ]
[C:\WINDOWS\system32\fiekoaom.dll] [N/A, ]
[C:\WINDOWS\system32\pjhlifcj.dll] [N/A, ]
[C:\WINDOWS\system32\flobkcei.dll] [N/A, ]
[C:\WINDOWS\system32\cfmfnglf.dll] [N/A, ]
[C:\WINDOWS\system32\jbfadhjj.dll] [N/A, ]
[C:\WINDOWS\system32\mpmiipbk.dll] [N/A, ]
[C:\WINDOWS\system32\klaginpl.dll] [N/A, ]
[C:\WINDOWS\system32\kpiohgkl.dll] [N/A, ]
[PID: 1068 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\System32\aahpjnnm.dll] [N/A, ]
[C:\WINDOWS\System32\nabdnafi.dll] [N/A, ]
[C:\WINDOWS\System32\fcgkblai.dll] [N/A, ]
[C:\WINDOWS\System32\anmhnjnd.dll] [N/A, ]
[C:\WINDOWS\System32\flflbjlj.dll] [N/A, ]
[C:\WINDOWS\System32\fiekoaom.dll] [N/A, ]
[C:\WINDOWS\System32\pjhlifcj.dll] [N/A, ]
[C:\WINDOWS\System32\flobkcei.dll] [N/A, ]
[C:\WINDOWS\System32\cfmfnglf.dll] [N/A, ]
[C:\WINDOWS\System32\jbfadhjj.dll] [N/A, ]
[C:\WINDOWS\System32\mpmiipbk.dll] [N/A, ]
[C:\WINDOWS\System32\klaginpl.dll] [N/A, ]
[C:\WINDOWS\System32\kpiohgkl.dll] [N/A, ]
[PID: 1180 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\aahpjnnm.dll] [N/A, ]
[C:\WINDOWS\system32\nabdnafi.dll] [N/A, ]
[C:\WINDOWS\system32\fcgkblai.dll] [N/A, ]
[C:\WINDOWS\system32\anmhnjnd.dll] [N/A, ]
[C:\WINDOWS\system32\flflbjlj.dll] [N/A, ]
[C:\WINDOWS\system32\fiekoaom.dll] [N/A, ]
[C:\WINDOWS\system32\pjhlifcj.dll] [N/A, ]
[C:\WINDOWS\system32\flobkcei.dll] [N/A, ]
[C:\WINDOWS\system32\cfmfnglf.dll] [N/A, ]
[C:\WINDOWS\system32\jbfadhjj.dll] [N/A, ]
[C:\WINDOWS\system32\mpmiipbk.dll] [N/A, ]
[C:\WINDOWS\system32\klaginpl.dll] [N/A, ]
[C:\WINDOWS\system32\kpiohgkl.dll] [N/A, ]
[PID: 1220 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\aahpjnnm.dll] [N/A, ]
[C:\WINDOWS\system32\nabdnafi.dll] [N/A, ]
[C:\WINDOWS\system32\fcgkblai.dll] [N/A, ]
[C:\WINDOWS\system32\anmhnjnd.dll] [N/A, ]

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MAXTHON 2.0)

667772626 - 2009-1-29 17:52:00

[C:\WINDOWS\system32\flflbjlj.dll] [N/A, ]
[C:\WINDOWS\system32\fiekoaom.dll] [N/A, ]
[C:\WINDOWS\system32\pjhlifcj.dll] [N/A, ]
[C:\WINDOWS\system32\flobkcei.dll] [N/A, ]
[C:\WINDOWS\system32\cfmfnglf.dll] [N/A, ]
[C:\WINDOWS\system32\jbfadhjj.dll] [N/A, ]
[C:\WINDOWS\system32\mpmiipbk.dll] [N/A, ]
[C:\WINDOWS\system32\klaginpl.dll] [N/A, ]
[C:\WINDOWS\system32\kpiohgkl.dll] [N/A, ]
[PID: 1384 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\aahpjnnm.dll] [N/A, ]
[C:\WINDOWS\system32\nabdnafi.dll] [N/A, ]
[C:\WINDOWS\system32\fcgkblai.dll] [N/A, ]
[C:\WINDOWS\system32\anmhnjnd.dll] [N/A, ]
[C:\WINDOWS\system32\flflbjlj.dll] [N/A, ]
[C:\WINDOWS\system32\fiekoaom.dll] [N/A, ]
[C:\WINDOWS\system32\pjhlifcj.dll] [N/A, ]
[C:\WINDOWS\system32\flobkcei.dll] [N/A, ]
[C:\WINDOWS\system32\cfmfnglf.dll] [N/A, ]
[C:\WINDOWS\system32\jbfadhjj.dll] [N/A, ]
[C:\WINDOWS\system32\mpmiipbk.dll] [N/A, ]
[C:\WINDOWS\system32\klaginpl.dll] [N/A, ]
[C:\WINDOWS\system32\kpiohgkl.dll] [N/A, ]
[PID: 1580 / Administrator][C:\WINDOWS\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\aahpjnnm.dll] [N/A, ]
[C:\WINDOWS\system32\nabdnafi.dll] [N/A, ]
[C:\WINDOWS\system32\fcgkblai.dll] [N/A, ]
[C:\WINDOWS\system32\anmhnjnd.dll] [N/A, ]
[C:\WINDOWS\system32\flflbjlj.dll] [N/A, ]
[C:\WINDOWS\system32\fiekoaom.dll] [N/A, ]
[C:\WINDOWS\system32\pjhlifcj.dll] [N/A, ]
[C:\WINDOWS\system32\flobkcei.dll] [N/A, ]
[C:\WINDOWS\system32\cfmfnglf.dll] [N/A, ]
[C:\WINDOWS\system32\jbfadhjj.dll] [N/A, ]
[C:\WINDOWS\system32\mpmiipbk.dll] [N/A, ]
[C:\WINDOWS\system32\klaginpl.dll] [N/A, ]
[C:\WINDOWS\system32\kpiohgkl.dll] [N/A, ]
[C:\WINDOWS\system32\browselc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 120]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\360\360Safe\safemon\safemon.dll] [360.CN, 5, 0, 0, 1004]
[PID: 1628 / Administrator][C:\WINDOWS\system32\conime.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\aahpjnnm.dll] [N/A, ]
[C:\WINDOWS\system32\nabdnafi.dll] [N/A, ]
[C:\WINDOWS\system32\fcgkblai.dll] [N/A, ]
[C:\WINDOWS\system32\anmhnjnd.dll] [N/A, ] [C:\WINDOWS\system32\flflbjlj.dll] [N/A, ]
[C:\WINDOWS\system32\fiekoaom.dll] [N/A, ]
[C:\WINDOWS\system32\pjhlifcj.dll] [N/A, ]
[C:\WINDOWS\system32\flobkcei.dll] [N/A, ]
[C:\WINDOWS\system32\cfmfnglf.dll] [N/A, ]
[C:\WINDOWS\system32\jbfadhjj.dll] [N/A, ]
[C:\WINDOWS\system32\mpmiipbk.dll] [N/A, ]
[C:\WINDOWS\system32\klaginpl.dll] [N/A, ]
[C:\WINDOWS\system32\kpiohgkl.dll] [N/A, ]
[PID: 1740 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.11.7792]
[C:\WINDOWS\system32\aahpjnnm.dll] [N/A, ]
[C:\WINDOWS\system32\nabdnafi.dll] [N/A, ]
[C:\WINDOWS\system32\fcgkblai.dll] [N/A, ]
[C:\WINDOWS\system32\flflbjlj.dll] [N/A, ]
[C:\WINDOWS\system32\fiekoaom.dll] [N/A, ]
[C:\WINDOWS\system32\pjhlifcj.dll] [N/A, ]
[C:\WINDOWS\system32\cfmfnglf.dll] [N/A, ]
[C:\WINDOWS\system32\jbfadhjj.dll] [N/A, ]
[C:\WINDOWS\system32\mpmiipbk.dll] [N/A, ]
[C:\WINDOWS\system32\kpiohgkl.dll] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1780 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[C:\WINDOWS\system32\aahpjnnm.dll] [N/A, ]
[C:\WINDOWS\system32\nabdnafi.dll] [N/A, ]
[C:\WINDOWS\system32\fcgkblai.dll] [N/A, ]
[C:\WINDOWS\system32\anmhnjnd.dll] [N/A, ]
[C:\WINDOWS\system32\flflbjlj.dll] [N/A, ]
[C:\WINDOWS\system32\fiekoaom.dll] [N/A, ]
[C:\WINDOWS\system32\pjhlifcj.dll] [N/A, ]
[C:\WINDOWS\system32\flobkcei.dll] [N/A, ]
[C:\WINDOWS\system32\cfmfnglf.dll] [N/A, ]
[C:\WINDOWS\system32\jbfadhjj.dll] [N/A, ]
[C:\WINDOWS\system32\mpmiipbk.dll] [N/A, ]
[C:\WINDOWS\system32\klaginpl.dll] [N/A, ]
[C:\WINDOWS\system32\kpiohgkl.dll] [N/A, ]
[PID: 188 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\System32\aahpjnnm.dll] [N/A, ]
[C:\WINDOWS\System32\nabdnafi.dll] [N/A, ]
[C:\WINDOWS\System32\fcgkblai.dll] [N/A, ]
[C:\WINDOWS\System32\anmhnjnd.dll] [N/A, ]
[C:\WINDOWS\System32\flflbjlj.dll] [N/A, ]
[C:\WINDOWS\System32\fiekoaom.dll] [N/A, ]
[C:\WINDOWS\System32\pjhlifcj.dll] [N/A, ]
[C:\WINDOWS\System32\flobkcei.dll] [N/A, ]
[C:\WINDOWS\System32\cfmfnglf.dll] [N/A, ]
[C:\WINDOWS\System32\jbfadhjj.dll] [N/A, ]
[C:\WINDOWS\System32\mpmiipbk.dll] [N/A, ]
[C:\WINDOWS\System32\klaginpl.dll] [N/A, ]
[C:\WINDOWS\System32\kpiohgkl.dll] [N/A, ]
[PID: 1616 / Administrator][D:\Program Files\Maxthon2\Maxthon.exe] [Maxthon International ltd., 2, 1, 5, 1250]
[D:\Program Files\Maxthon2\mxpp.dll] [Maxthon International ltd., 1, 0, 0, 241]
[D:\Program Files\Maxthon2\MxSk.dll] [Maxthon, 1, 0, 0, 413]
[D:\Program Files\Maxthon2\MxProxy2.dll] [Maxthon International ltd., 1, 0, 0, 4106]
[D:\Program Files\Maxthon2\MxExt.dll] [N/A, ]
[D:\Program Files\Maxthon2\MxUI.dll] [Maxthon International, 3, 3, 0, 9]
[C:\WINDOWS\system32\aahpjnnm.dll] [N/A, ]
[C:\WINDOWS\system32\nabdnafi.dll] [N/A, ]
[C:\WINDOWS\system32\fcgkblai.dll] [N/A, ]
[C:\WINDOWS\system32\anmhnjnd.dll] [N/A, ]
[C:\WINDOWS\system32\flflbjlj.dll] [N/A, ]
[C:\WINDOWS\system32\fiekoaom.dll] [N/A, ]
[C:\WINDOWS\system32\pjhlifcj.dll] [N/A, ]
[C:\WINDOWS\system32\flobkcei.dll] [N/A, ]
[C:\WINDOWS\system32\cfmfnglf.dll] [N/A, ]
[C:\WINDOWS\system32\jbfadhjj.dll] [N/A, ]
[C:\WINDOWS\system32\mpmiipbk.dll] [N/A, ]
[C:\WINDOWS\system32\klaginpl.dll] [N/A, ]
[C:\WINDOWS\system32\kpiohgkl.dll] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[D:\Program Files\Maxthon2\mxtool.dll] [, 1, 0, 0, 1]
[D:\Program Files\Maxthon2\maxzlib.dll] [, 1.2.3]
[D:\Program Files\Maxthon2\Modules\MxWebBoost\MxWebBoost.dll] [Maxthon, 1,0,2,1267]
[D:\Program Files\Maxthon2\mxdb.dll] [Max, 3, 5, 3, 125]
[D:\Program Files\Maxthon2\Modules\MxHistory\MxHistory.dll] [Maxthon International ltd., 1, 0, 0, 302]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0]
[C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 120]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 4.0.0.1959]
[D:\Program Files\360\360Safe\safemon\safemon.dll] [360.CN, 5, 0, 0, 1004]
[PID: 440 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.797\SREngLdr.EXE] [Smallfrogs Studio, 2.7.0.1210]
[C:\WINDOWS\system32\cfmfnglf.dll] [N/A, ]
[C:\WINDOWS\system32\flobkcei.dll] [N/A, ]
[C:\WINDOWS\system32\pjhlifcj.dll] [N/A, ]
[C:\WINDOWS\system32\fiekoaom.dll] [N/A, ]
[C:\WINDOWS\system32\flflbjlj.dll] [N/A, ]
[C:\WINDOWS\system32\anmhnjnd.dll] [N/A, ]
[C:\WINDOWS\system32\fcgkblai.dll] [N/A, ]
[C:\WINDOWS\system32\nabdnafi.dll] [N/A, ]
[C:\WINDOWS\system32\aahpjnnm.dll] [N/A, ]
[C:\WINDOWS\system32\kpiohgkl.dll] [N/A, ]
[C:\WINDOWS\system32\klaginpl.dll] [N/A, ]
[C:\WINDOWS\system32\mpmiipbk.dll] [N/A, ]
[C:\WINDOWS\system32\jbfadhjj.dll] [N/A, ]
[PID: 1476 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.797\SRE5adef2a7.EXE] [Smallfrogs Studio, 2.7.0.1210]
[C:\WINDOWS\system32\cfmfnglf.dll] [N/A, ]
[C:\WINDOWS\system32\flobkcei.dll] [N/A, ]
[C:\WINDOWS\system32\pjhlifcj.dll] [N/A, ]
[C:\WINDOWS\system32\fiekoaom.dll] [N/A, ]
[C:\WINDOWS\system32\flflbjlj.dll] [N/A, ]
[C:\WINDOWS\system32\anmhnjnd.dll] [N/A, ]
[C:\WINDOWS\system32\fcgkblai.dll] [N/A, ]
[C:\WINDOWS\system32\nabdnafi.dll] [N/A, ]
[C:\WINDOWS\system32\aahpjnnm.dll] [N/A, ]
[C:\WINDOWS\system32\kpiohgkl.dll] [N/A, ]
[C:\WINDOWS\system32\klaginpl.dll] [N/A, ]
[C:\WINDOWS\system32\mpmiipbk.dll] [N/A, ]
[C:\WINDOWS\system32\jbfadhjj.dll] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[D:\Program Files\360\360Safe\safemon\safemon.dll] [360.CN, 5, 0, 0, 1004]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.797\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 v.onondown.com.cn
127.0.0.2 ymsdasdw1.cn
127.0.0.3 h96b.info
127.0.0.0 xxx.zttwp.cn
127.0.0.0 www.hackerbf.cn
127.0.0.0 ww.popdm.cn
127.1.1.1 bbt.etimes888.com
127.1.1.1 219.147.13.53
127.1.1.1 dl.360safe.com
127.1.1.1 20068080.cn
127.1.1.1 l.neter888.cn
127.1.1.1 stat.untang.com
127.1.1.1 www.ikdy.cn
127.0.0.0 geekbyfeng.cn
127.0.0.0 121.14.101.68
127.0.0.0 ppp.etimes888.com
127.0.0.0 www.bypk.com
127.0.0.0 CSC3-2004-crl.verisign.com
127.0.0.1 va9sdhun23.cn
127.0.0.0 udp.hjob123.com
127.1.1.1 999.hfdy2828.com
127.1.1.1 www.hfdy2929.com
127.1.1.1 www.xiazaide1.cn
127.1.1.1 www.vuf51579.cn
127.1.1.1 wm.eo2q.cn
127.1.1.1 d.www-263.com
127.1.1.1 www.ssy1688.cn
127.1.1.1 121.12.173.218
127.1.1.1 qq.18i16.net
127.1.1.1 a.baidu-6661.com
127.1.1.1 www.vuf51579.cn
127.1.1.1 www.1079223105.cn
127.1.1.1 home.xzx6.cn
127.1.1.1 top.fgc3.cn
127.1.1.1 165.246.44.228
127.1.1.1 wwww.ttfafa.com
127.1.1.1 pa.tt-09.com
127.0.0.2 bnasnd83nd.cn
127.0.0.0 www.gamehacker.com.cn
127.0.0.0 gamehacker.com.cn
127.1.1.1 www.cctv-100008.cn
127.1.1.1 222.73.208.141
127.0.0.3 adlaji.cn
127.1.1.1 aiyyw.com
127.0.0.1 858656.com
127.1.1.1 bnasnd83nd.cn
127.0.0.1 my123.com
127.0.0.0 user1.12-27.net
127.0.0.1 8749.com
127.0.0.0 fengent.cn
127.0.0.1 4199.com
127.0.0.1 user1.16-22.net
127.0.0.1 7379.com
127.0.0.1 2be37c5f.3f6e2cc5f0b.com
127.0.0.1 7255.com
127.0.0.1 user1.23-12.net
127.0.0.1 3448.com
127.0.0.1 www.guccia.net
127.0.0.1 7939.com
127.0.0.1 a.o1o1o1.nEt
127.0.0.1 8009.com
127.0.0.1 user1.12-73.cn
127.0.0.1 piaoxue.com
127.0.0.1 3n8nlasd.cn
127.0.0.1 kzdh.com
127.0.0.0 www.sony888.cn
127.0.0.1 about.blank.la
127.0.0.0 user1.asp-33.cn
127.0.0.1 6781.com
127.0.0.0 www.netkwek.cn
127.0.0.1 7322.com
127.0.0.0 ymsdkad6.cn
127.0.0.1 localhost
127.0.0.0 www.lkwueir.cn
127.0.0.1 06.jacai.com
127.0.1.1 user1.23-17.net
127.0.0.1 1.jopenkk.com
127.0.0.0 upa.luzhiai.net
127.0.0.1 1.jopenqc.com
127.0.0.0 www.guccia.net
127.0.0.1 1.joppnqq.com
127.0.0.0 4m9mnlmi.cn
127.0.0.1 1.xqhgm.com
127.0.0.0 mm119mkssd.cn
127.0.0.1 100.332233.com
127.0.0.0 61.128.171.115:8080
127.0.0.1 121.11.90.79
127.0.0.0 www.1119111.com
127.0.0.1 121565.net
127.0.0.0 win.nihao69.cn
127.0.0.1 125.90.88.38
127.0.0.1 16888.6to23.com
127.0.0.1 2.joppnqq.com
127.0.0.0 puc.lianxiac.net
127.0.0.1 204.177.92.68
127.0.0.0 pud.lianxiac.net
127.0.0.1 210.74.145.236
127.0.0.0 210.76.0.133
127.0.0.1 219.129.239.220
127.0.0.0 61.166.32.2
127.0.0.1 219.153.40.221
127.0.0.0 218.92.186.27
127.0.0.1 219.153.46.27
127.0.0.0 www.fsfsfag.cn
127.0.0.1 219.153.52.123
127.0.0.0 ovo.ovovov.cn
127.0.0.1 221.195.42.71
127.0.0.0 dw.com.com
127.0.0.1 222.73.218.115
127.0.0.1 203.110.168.233:80
127.0.0.1 3.joppnqq.com
127.0.0.1 203.110.168.221:80
127.0.0.1 363xx.com
127.0.0.1 www1.ip10086.com.cm
127.0.0.1 4199.com
127.0.0.1 blog.ip10086.com.cn
127.0.0.1 43242.com
127.0.0.1 www.ccji68.cn
127.0.0.1 5.xqhgm.com
127.0.0.0 t.myblank.cn
127.0.0.1 520.mm5208.com
127.0.0.0 x.myblank.cn
127.0.0.1 59.34.131.54
127.0.0.1 210.51.45.5
127.0.0.1 59.34.198.228
127.0.0.1 www.ew1q.cn
127.0.0.1 59.34.198.88
127.0.0.1 59.34.198.97
127.0.0.1 60.190.114.101
127.0.0.1 60.190.218.34
127.0.0.0 qq-xing.com.cn
127.0.0.1 60.191.124.252
127.0.0.1 61.145.117.212
127.0.0.1 61.157.109.222
127.0.0.1 75.126.3.216
127.0.0.1 220.250.64.21
127.0.0.1 75.126.3.217
127.0.0.1 75.126.3.218
127.0.0.0 59.125.231.177:17777
127.0.0.1 75.126.3.220
127.0.0.1 75.126.3.221
127.0.0.1 75.126.3.222
127.0.0.1 772630.com
127.0.0.1 832823.cn
127.0.0.1 8749.com
127.0.0.1 888.jopenqc.com
127.0.0.1 89382.cn
127.0.0.1 8v8.biz
127.0.0.1 97725.com
127.0.0.1 9gg.biz
127.0.0.1 www.9000music.com
127.0.0.1 test.591jx.com
127.0.0.1 a.topxxxx.cn
127.0.0.1 picon.chinaren.com
127.0.0.1 www.5566.net
127.0.0.1 p.qqkx.com
127.0.0.1 news.netandtv.com
127.0.0.1 z.neter888.cn
127.0.0.1 b.myblank.cn
127.0.0.1 wvw.wokutu.com
127.0.0.1 unionch.qyule.com
127.0.0.1 www.qyule.com
127.0.0.1 it.itjc.cn
127.0.0.1 www.linkwww.com
127.0.0.1 vod.kaicn.com
127.0.0.1 www.tx8688.com
127.0.0.1 b.neter888.cn
127.0.0.1 promote.huanqiu.com
127.0.0.1 www.huanqiu.com
127.0.0.1 www.haokanla.com
127.0.0.1 play.unionsky.cn
127.0.0.1 www.52v.com
127.0.0.1 www.gghka.cn
127.0.0.1 icon.ajiang.net
127.0.0.1 new.ete.cn
127.0.0.1 www.stiae.cn
127.0.0.1 o.neter888.cn
127.0.0.1 comm.jinti.com
127.0.0.1 www.google-analytics.com
127.0.0.1 hz.mmstat.com
127.0.0.1 www.game175.cn
127.0.0.1 x.neter888.cn
127.0.0.1 z.neter888.cn
127.0.0.1 p.etimes888.com
127.0.0.1 hx.etimes888.com
127.0.0.1 abc.qqkx.com
127.0.0.1 dm.popdm.cn
127.0.0.1 www.yl9999.com
127.0.0.1 www.dajiadoushe.cn
127.0.0.1 v.onondown.com.cn
127.0.0.1 www.interoo.net
127.0.0.1 bally1.bally-bally.net
127.0.0.1 www.bao5605509.cn
127.0.0.1 www.rty456.cn
127.0.0.1 www.werqwer.cn
127.0.0.1 1.360-1.cn
127.0.0.1 user1.23-16.net
127.0.0.1 www.guccia.net
127.0.0.1 www.interoo.net
127.0.0.1 upa.netsool.net
127.0.0.1 js.users.51.la
127.0.0.1 vip2.51.la
127.0.0.1 web.51.la
127.0.0.1 qq.gong2008.com
127.0.0.1 2008tl.copyip.com
127.0.0.1 tla.laozihuolaile.cn
127.0.0.1 www.tx6868.cn
127.0.0.1 p001.tiloaiai.com
127.0.0.1 s1.tl8tl.com
127.0.0.1 s1.gong2008.com
127.0.0.1 4b3ce56f9g.3f6e2cc5f0b.com
127.0.0.1 2be37c5f.3f6e2cc5f0b.com

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 744, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1740, C:\WINDOWS\SYSTEM32\NVSVC32.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 440, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX00.797\SRENGLDR.EXE]

==================================
计划任务
[已启用] SogouImeMgr.job
C:\PROGRA~1\SOGOUI~1\400~1.195\PinyinRepair.exe

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

[/CODE]

版主给看看啊急！！！！！！

667772626 - 2009-1-29 17:53:00

我用那个你说的软件一粘贴那木马日志点开始处理就重启了但是还是会有啊！

667772626 - 2009-1-29 17:55:00

而且360不停的说有新增的系统可执行挂钩
很多木马是在TEMP下的粉碎文件后一上网又有了

天月来了 - 2009-1-29 17:58:00

既然重装系统了

那就再重装一次

进新系统的第一次，绝不使用其他盘文件，绝不运行其他盘任何程序

然后直接用我那木马群的贴2楼介绍的方法搜索其他盘所有的usp10.dll文件以及QQ目录内的psapi.dll文件

找到的都复制在一起压缩发来

然后全部删除

基本就可以了

667772626 - 2009-1-29 18:03:00

哦但这个日志里看出了问题么因为又好像没事了
360查杀没有木马但是那个提升新增系统挂钩还是会有

天月来了 - 2009-1-29 18:05:00

一大大堆木马群病毒在运行

按照我说的来吧

我很想要所有文件

你愿意帮忙吗？？？

667772626 - 2009-1-29 18:06:00

好等下ha

天月来了 - 2009-1-29 18:14:00

——————————————————————————————————————————
这里下载手工清理木马群工具包，并解压至C盘文件夹里。（全部工具内附操作说明）：
http://bbs.ikaka.com/attachment.aspx?attachmentid=480689

然后作好下面操作需要的所有准备，彻底断网处理。
———————————————————————
用工具包内的wsyscheck工具搜索查找下面文件。复制并压缩在一起发来。
包括其他盘各软件程序同目录内的usp10.dll文件，以及QQ目录内的psapi.dll文件都得找到压缩后发来。

C:\WINDOWS\System32\Drivers\msiffei.sys
C:\WINDOWS\system32\CDC7F049.dat
C:\Program Files\Internet Explorer\PowerNeNt.Onz
C:\WINDOWS\system32\aahpjnnm.dll
C:\WINDOWS\system32\nabdnafi.dll
C:\WINDOWS\system32\fcgkblai.dll
C:\WINDOWS\system32\anmhnjnd.dll
C:\WINDOWS\system32\flflbjlj.dll
C:\WINDOWS\system32\fiekoaom.dll
C:\WINDOWS\system32\pjhlifcj.dll
C:\WINDOWS\system32\flobkcei.dll
C:\WINDOWS\system32\cfmfnglf.dll
C:\WINDOWS\system32\jbfadhjj.dll
C:\WINDOWS\system32\mpmiipbk.dll
C:\WINDOWS\system32\klaginpl.dll
C:\WINDOWS\system32\kpiohgkl.dll

———————————————————————
用工具包内的“XDELBOX删除文件工具”去删除病毒文件。工具包必须全部解压至C盘后应用。

如果XDELBOX工具操作中提示出错，不能操作，可以继续使用工具包内其他SmtDel工具、费尔工具、超级巡警、EasyDelete工具删除病毒文件。（全部内附操作说明图）

启动XDELBOX程序。复制粘贴上面那些文件操作删除：

重启电脑自动运行完毕进入系统后，不论删除结果如何立即继续下面操作。
———————————————————————
可以这贴里找相同系统里的ctfmon.exe文件下载：
http://bbs.ikaka.com/showtopic-8417665.aspx

用工具包内的“SmtRpl替换文件工具”（有使用说明）
将C:\WINDOWS\system32\ctfmon.exe替换回正常的系统文件.
————————————————————————————————————
在扫日志的SRENG工具》启动项目》注册表》里将<AppInit_DLLs>项目置空（就是选择“编辑”）这必须关闭杀毒软件的监控，否则改不了可能。

就是将 <AppInit_DLLs> 的“值”项编辑置空

你可以选择其中一个红色项，然后编辑时你可能看不到什么，只需要在值项里输入任意一个字母或数字即可。
————————————————————————————————————
在扫日志的SRENG工具》启动项目》注册表》里面找下面项目删除：
启动项目
注册表
<{F5F5B353-8A98-44B4-9CB9-0E51F2387358}><C:\WINDOWS\system32\flflbjlj.dll> []
<{7ABD7AF2-C737-4FD5-9AB1-E5A4AF4261CE}><C:\WINDOWS\system32\nabdnafi.dll> []
<{93152FC3-5705-45EA-B9BC-00E0C1926A4C}><C:\WINDOWS\system32\pjhlifcj.dll> []
<{FC04B5A2-053E-49A3-A33C-101365579298}><C:\WINDOWS\system32\fcgkblai.dll> []
<{F2E48A86-ABB8-43CB-8CB8-BB729B1782C1}><C:\WINDOWS\system32\fiekoaom.dll> []
<{CF6F705F-C856-4FB8-B07F-13335EC1BB6C}><C:\WINDOWS\system32\cfmfnglf.dll> []
<{3BFAD133-DE4A-4160-B475-38643C5E4DEE}><C:\WINDOWS\system32\jbfadhjj.dll> []
<{696229B4-758E-4830-BDF7-98BAE81948F3}><C:\WINDOWS\system32\mpmiipbk.dll> []
<{45A02795-EBD0-416D-96E1-10FEADF8E97E}><C:\WINDOWS\system32\klaginpl.dll> []
<{49281045-AED2-4C7D-89CA-4BE3E2AD68DA}><C:\WINDOWS\system32\kpiohgkl.dll> []
<{A761737D-2F13-4504-9133-F08F7F22D0A4}><C:\WINDOWS\system32\anmhnjnd.dll> []
<{AA193776-4AD2-4CBC-A61C-1C43F06849EC}><C:\WINDOWS\system32\aahpjnnm.dll> []
<{F58B4CE2-E0C3-4237-B423-AAF5E54321DE}><C:\WINDOWS\system32\flobkcei.dll> []
<F5F5B353><C:\WINDOWS\system32\flflbjlj.dll> []
<93152FC3><C:\WINDOWS\system32\pjhlifcj.dll> []
<F2E48A86><C:\WINDOWS\system32\fiekoaom.dll> []
<CF6F705F><C:\WINDOWS\system32\cfmfnglf.dll> []
<7ABD7AF2><C:\WINDOWS\system32\nabdnafi.dll> []
<45A02795><C:\WINDOWS\system32\klaginpl.dll> []
<696229B4><C:\WINDOWS\system32\mpmiipbk.dll> []
<3BFAD133><C:\WINDOWS\system32\jbfadhjj.dll> []
<F58B4CE2><C:\WINDOWS\system32\flobkcei.dll> []
<AA193776><C:\WINDOWS\system32\aahpjnnm.dll> []
<49281045><C:\WINDOWS\system32\kpiohgkl.dll> []
<FC04B5A2><C:\WINDOWS\system32\fcgkblai.dll> []
<A761737D><C:\WINDOWS\system32\anmhnjnd.dll> []
————————————————————————————————————
在扫日志的SRENG工具》启动项目》服务》驱动程序》里面找下面项删除，
==================================
驱动程序
[msiffei / msiffei][Stopped/Manual Start]
<System32\Drivers\msiffei.sys><N/A>

[Safe Mon 360 / SafeMon0][Running/System Start]
<\??\C:\WINDOWS\system32\CDC7F049.dat><N/A>
—————————————————————————————
在扫日志的SRENG工具》系统修复》浏览器加载项》里面找下面删除
==================================
浏览器加载项
[]
{6A8D34D7-08D7-421F-AFF6-956A0BD6F0BF} <C:\Program Files\Internet Explorer\PowerNeNt.Onz, N/A>
——————————————————————————————————————
手工直接去IE浏览器的菜单里找“工具”项里选择“internet选项”点击“删除文件”勾选“删除脱机文件”再点“确定”清空IE缓存。

用“系统垃圾文件清理工具”清空能清空的垃圾文件，不能清空的不管它
下载：http://bbs.ikaka.com/attachment.aspx?attachmentid=479547

用工具包内的“系统垃圾文件清理工具”清空能清空的垃圾文件，不能清空的不管它
————————————————————————————————————
再重启电脑，反复检查，操作的结果，

连网用W i n d o w s 清理助手，清理你那系统。
W i n d o w s 清理助手下载：http://www.arswp.com/

杀毒软件升级至最新版本全盘杀。

记得打全系统漏洞补丁

SRENG工具的各项操作看这里：http://bbs.ikaka.com/showtopic-8545446.aspx

请用解压工具WinRAR依路径打开其他盘所有包含.exe程序文件的文件夹,找文件夹内是否有大量的USP10.dll文件存在。以及QQ目录内是否有psapi.dll文件存在，如果有，就将文件尽量多的压缩发来，急需要文件样本。
如果找到类似文件，就压缩打包发至论坛。并请标明主题“usp10.dll或psapi.dll”

天月来了 - 2009-1-29 18:15:00

因为其他盘所有包含.exe程序文件的文件夹内可能有大量的USP10.dll文件存在。以及QQ目录内是否有psapi.dll文件存在，

所以你处理过程中，千万不能再运行其他盘的任何程序文件

一运行就又要下载病毒了

天月来了 - 2009-1-29 18:19:00

日志文件以附件形式发来
点击我这贴右下角的“引用”或最右下角的那个较大的“回复”然后就应该知道怎么发了。
请不要开新贴发日志，就原贴接贴发日志即可。

667772626 - 2009-1-29 18:19:00

这个

附件: SREngLOG.log

aaccbbdd - 2009-1-29 18:23:00

1.全盘搜索usp10.dll
删除C盘外的全部
usp10.dll
2.删除QQ安装目录里的psapi.dll

3.建议使用XDelBox删除以下文件：(XDelBox1.8下载)
使用说明：删除时复制所有要删除文件的路径，在待删除文件列表里点击右键选择从剪贴板导入，导入后在要删除文件上点击右键，选择立刻重启删除，电脑会重启进入DOS界面进行删除操作。运行xdelbox前最好卸载所有可移动存储介质（包括U盘，MP3，手机存储卡等）。

c:\windows\system32\aahpjnnm.dll
c:\windows\system32\anmhnjnd.dll
c:\windows\system32\cfmfnglf.dll
c:\windows\system32\fcgkblai.dll
c:\windows\system32\fiekoaom.dll
c:\windows\system32\flflbjlj.dll
c:\windows\system32\flobkcei.dll
c:\windows\system32\jbfadhjj.dll
c:\windows\system32\klaginpl.dll
c:\windows\system32\kpiohgkl.dll
c:\windows\system32\mpmiipbk.dll
c:\windows\system32\nabdnafi.dll
c:\windows\system32\pjhlifcj.dll
c:\windows\system32\cdc7f049.dat
c:\program files\internet explorer\powernent.onz

4.删除重启后使用SREng修复下面各项：

启动项目－－注册表之如下项删除：
[A761737D] <C:\WINDOWS\system32\anmhnjnd.dll>
[FC04B5A2] <C:\WINDOWS\system32\fcgkblai.dll>
[FC04B5A2] <C:\WINDOWS\system32\fcgkblai.dll>
[49281045] <C:\WINDOWS\system32\kpiohgkl.dll>
[AA193776] <C:\WINDOWS\system32\aahpjnnm.dll>
[F58B4CE2] <C:\WINDOWS\system32\flobkcei.dll>
[3BFAD133] <C:\WINDOWS\system32\jbfadhjj.dll>
[696229B4] <C:\WINDOWS\system32\mpmiipbk.dll>
[45A02795] <C:\WINDOWS\system32\klaginpl.dll>
[7ABD7AF2] <C:\WINDOWS\system32\nabdnafi.dll>
[CF6F705F] <C:\WINDOWS\system32\cfmfnglf.dll>
[F2E48A86] <C:\WINDOWS\system32\fiekoaom.dll>
[93152FC3] <C:\WINDOWS\system32\pjhlifcj.dll>
[F5F5B353] <C:\WINDOWS\system32\flflbjlj.dll>
[{AA193776-4AD2-4CBC-A61C-1C43F06849EC}] <C:\WINDOWS\system32\aahpjnnm.dll>
[{93152FC3-5705-45EA-B9BC-00E0C1926A4C}] <C:\WINDOWS\system32\pjhlifcj.dll>
[{7ABD7AF2-C737-4FD5-9AB1-E5A4AF4261CE}] <C:\WINDOWS\system32\nabdnafi.dll>
[{FC04B5A2-053E-49A3-A33C-101365579298}] <C:\WINDOWS\system32\fcgkblai.dll>
[{A761737D-2F13-4504-9133-F08F7F22D0A4}] <C:\WINDOWS\system32\anmhnjnd.dll>
[{F2E48A86-ABB8-43CB-8CB8-BB729B1782C1}] <C:\WINDOWS\system32\fiekoaom.dll>
[{F58B4CE2-E0C3-4237-B423-AAF5E54321DE}] <C:\WINDOWS\system32\flobkcei.dll>
[{CF6F705F-C856-4FB8-B07F-13335EC1BB6C}] <C:\WINDOWS\system32\cfmfnglf.dll>
[{3BFAD133-DE4A-4160-B475-38643C5E4DEE}] <C:\WINDOWS\system32\jbfadhjj.dll>
[{696229B4-758E-4830-BDF7-98BAE81948F3}] <C:\WINDOWS\system32\mpmiipbk.dll>
[{45A02795-EBD0-416D-96E1-10FEADF8E97E}] <C:\WINDOWS\system32\klaginpl.dll>
[{49281045-AED2-4C7D-89CA-4BE3E2AD68DA}] <C:\WINDOWS\system32\kpiohgkl.dll>
[{F5F5B353-8A98-44B4-9CB9-0E51F2387358}] <C:\WINDOWS\system32\flflbjlj.dll>
注意该项[AppInit_DLLs]修改：把<fcgkblai.dll,aahpjnnm.dll,kpiohgkl.dll,klaginpl.dll,mpmiipbk.dll,jbfadhjj.dll,cfmfnglf.dll,nabdnafi.dll,,anmhnjnd.dll,flflbjlj.dll,fiekoaom.dll,pjhlifcj.dll,flobkcei.dll>修改为<>即清空

启动项目－－服务－－驱动程序之如下项删除：
(勾选隐藏已认证的微软项目,选中有问题的驱动/服务后，点"删除服务"，点"设置"按钮即可。注意弹出的窗口中要点"否NO"才是确认删除服务）

[Safe Mon 360 / SafeMon0] <\??\C:\WINDOWS\system32\CDC7F049.dat>

系统修复－－　浏览器加载项之如下项删除：
[] <C:\Program Files\Internet Explorer\PowerNeNt.Onz>

5.清理助手下载
安装后，升级清理助手，全盘扫描
清理系统

667772626 - 2009-1-29 18:24:00

天哥你介绍下一般电脑装哪几个防毒清理安全软件较好！
瑞星是有的

天月来了 - 2009-1-29 18:24:00

就我前面回你的那些去忙吧

WinRAR和任何需要的工具都需要放在系统盘C盘运行

其他盘不要再运行了

还有我真的需要你用wsyscheck工具进行搜索usp10.dll和psapi.dll文件尽量多的发几个来

否则你只有用这工具试了

http://bbs.ikaka.com/showtopic-8592394.aspx

天月来了 - 2009-1-29 18:26:00

装哪个都不行

只要你装国内主流的杀毒软件，就全部没用

因为这木马群的制毒者，时测试过能干掉所有主流杀毒软件后，才放出来的。

瑞星卡卡安全论坛