
Got infected, experts please help (log attached)

2006-11-02,19:51:54

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Corporation]
    <swg><C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe>  [(Verified)Google Inc.]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Corporation]
    <SiSPower><Rundll32.exe SiSPower.dll,ModeAgent>  [Silicon Integrated Systems Corporation]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
    <FASTKEY><C:\Program Files\Lenovo\功能键盘\HotKeyB.exe>  [联想电脑公司]
    <CnsMin><Rundll32.exe C:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32>  [北京三七二一科技有限公司]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <Thunder><"C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s>  [Thunder Networking Technologies,LTD]
    <A><C:\WINNT\system32\rundll32.exe mont.dll s>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <9><C:\WINNT\system32\vpcrm.exe>  [N/A]
    <internet><C:\WINNT\system32\internet.exe /scan>  [Microsoft  Windows  Operating System]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINNT\DOWNLO~1\CnsHook.dll>  [北京三七二一科技有限公司]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><>  [N/A]
    <{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll>  [YAHOO Corporation Limited]
    <{E568441B-9EF3-49F8-9A67-4141AC41ADD4}><C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll>  [Yahoo! China]
    <{DD7D4640-4464-48C0-82FD-21338366D2D2}><C:\Program Files\Internet Explorer\InfoMs.tdm>  [N/A]
    <{9915CFD1-6B7D-4AC5-ABAC-136924579E91}><C:\Program Files\Internet Explorer\PLUGINS\system.sys>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <DLMon><C:\WINNT\system32\DLMain.dll>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINNT\system32\ssmarque.scr>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
[Zcom 娱乐]
  <C:\Documents and Settings\lenovo\「开始」菜单\程序\启动\Zcom 娱乐.lnk --> C:\PROGRA~1\Zcom\ZCOMSE~1.EXE [智通无限]><N>

==================================
服务
[ASP.NET State Service / aspnet_state]
  <C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[GrayPigeon_Hacker.com.cn / GrayPigeon_Hacker.com.cn]
  <C:\WINNT\Hacker.com.cn.exe><N/A>
[KDDelegateService / KDDelegateService]
  <C:\Program Files\Kingdee\K3ERP\KDDelegateService.exe><KINGDEE>

==================================
驱动程序
[00 / 00]
  <\SystemRoot\\SystemRoot\System32\drivers\35287875.sys><N/A>
[138437 / 138437]
  <\SystemRoot\System32\drivers\138437.sys><N/A>
[a0 / a0]
  <\SystemRoot\\SystemRoot\System32\drivers\138437.sys><N/A>
[Service for WDM 3D Audio Driver / ALCXSENS]
  <system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Cdr4_2K / Cdr4_2K]
  <C:\WINNT\SYSTEM32\DRIVERS\Cdr4_2K.SYS><Roxio>
[Cdralw2k / Cdralw2k]
  <C:\WINNT\SYSTEM32\DRIVERS\Cdralw2k.SYS><Roxio>
[CnsMinKP / CnsMinKP]
  <\SystemRoot\system32\drivers\CnsMinKP.sys><Copyright (C) 3721 Corporation.>
[dmboot / dmboot]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[FixDrv / FixDrv]
  <C:\WINNT\SYSTEM32\DRIVERS\FixDrv.SYS><N/A>
[HpaFilt / HpaFilt]
  <C:\WINNT\SYSTEM32\DRIVERS\HpaFilt.SYS><Litsoft Co. LTD.>
[HpaLower / HpaLower]
  <C:\WINNT\SYSTEM32\DRIVERS\HpaLower.SYS><N/A>
[npkcrypt / npkcrypt]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[pciidey / pciidey]
  <C:\WINNT\SYSTEM32\DRIVERS\pciidey.SYS><Windows (R) 2000 DDK provider>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 NIC Family all in one NDIS NT Driver / RTL8023]
  <system32\DRIVERS\Rtlnic.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SiS315 / SiS315]
  <system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiS AGP Filter / SISAGP]
  <\SystemRoot\system32\DRIVERS\SISAGPx.sys><Silicon Integrated Systems Corporation>
[SiSkp / SiSkp]
  <system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[yaskp / yaskp]
  <\SystemRoot\system32\drivers\yaskp.sys><Copyright (C) yahoo Corporation.>
[R2A / R2A]
  <\??\C:\WINNT\system32a2.sys><N/A>
[OPE005 / OPE005]
  <2 - 系统找不到指定的文件。
><N/A>
Last edited 2006-11-03 18:35:51

==================================
浏览器加载项
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, yahoo! china>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_004.dll, Thunder Networking Technologies,LTD>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINNT\DOWNLO~1\CnsHook.dll, 北京三七二一科技有限公司>
[]
  {F930FD34-827B-4773-B8A6-8CD4C78AEA25} <C:\WINNT\system32\Interner_Ex.dll, N/A>
[assist]
  {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo! China>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[豪杰超级解霸9]
  {367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\Program Files\Herosoft\Hero 9\STHSDVD.EXE, herosoft>
[Yahoo 3.5G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[名品折扣]
  {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[雅虎WIDGET]
  {6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <, N/A>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[访问瑞星网站]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} <http://www.rising.com.cn, N/A>
[访问卡卡社区]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} <http://www.ikaka.com, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, yahoo! china>
[金山快译(&K)]
  {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll, 金山软件股份有限公司>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINNT\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[PowerPlayer Control]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <E:\PPStream\POWERP~1.DLL, PPStream Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINNT\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[!搜一搜(&S)]
  <res://C:\Program Files\yisou\yisou.dll/232, N/A>
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[使用超级解霸播放]
  <C:\Program Files\Herosoft\Hero 9\MPURLGET.HTM, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[添加到雅虎订阅(&Y)]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[雅虎搜索]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/203, N/A>

==================================
正在运行的进程
[PID: 152][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 176][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 172][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6714]
[PID: 224][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.6700]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 236][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.6695]
[PID: 424][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  [N/A, N/A]
[PID: 448][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.6659]
[PID: 480][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 532][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2600.0000]
[PID: 568][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 600][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6704]
[PID: 712][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 740][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 832][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 3, 1, 2, 1018]
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  [N/A, N/A]
    [C:\WINNT\DOWNLO~1\CnsHook.dll]  [北京三七二一科技有限公司, 1, 0, 4, 2]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll]  [YAHOO Corporation Limited, 3, 0, 0, 1001]
    [C:\Program Files\Internet Explorer\InfoMs.tdm]  [N/A, N/A]
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\WINNT\system32\ALSNDMGR.CPL]  [Realtek Semiconductor Corp., 2.2.26]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  [Yahoo! China, 3, 0, 4, 1006]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  [yahoo! china, 3, 0, 1, 1001]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_004.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll]  [Yahoo! China, 3, 1, 1, 1016]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ywiper.dll]  [Yahoo! China, 3, 0, 1, 1001]
[PID: 884][C:\WINNT\system32\Rundll32.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
    [C:\WINNT\DOWNLO~1\CnsMinIO.dll]  [北京三七二一科技有限公司, 1, 0, 3, 6]
    [C:\WINNT\DOWNLO~1\cnsio.dll]  [北京三七二一科技有限公司, 1, 0, 2, 7]
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  [N/A, N/A]
[PID: 984][C:\WINNT\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.27]
    [C:\WINNT\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  [N/A, N/A]
[PID: 996][C:\Program Files\Lenovo\功能键盘\HotKeyB.exe]  [联想电脑公司, 2, 2, 0, 1]
    [C:\Program Files\Lenovo\功能键盘\kbddrv.dll]  [N/A, N/A]
    [C:\WINNT\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  [N/A, N/A]
[PID: 1012][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3292]
    [C:\WINNT\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  [N/A, N/A]
[PID: 1032][C:\Program Files\Thunder Network\Thunder\Thunder.exe]  [Thunder Networking Technologies,LTD, 1, 0, 0, 5]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\WINNT\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  [N/A, N/A]
    [C:\Program Files\Thunder Network\Thunder\Program\UpdateExec.dll]  [Thunder Networking Technologies,LTD, 1, 0, 1, 2]
[PID: 1052][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINNT\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  [N/A, N/A]
[PID: 972][C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe]  [Google Inc., 1, 2, 908, 5008]
    [C:\WINNT\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  [N/A, N/A]
    [C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\res_zh-CN.dll]  [Google Inc., 1, 2, 908, 5008]
    [C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\swg.dll]  [Google Inc., 1, 2, 908, 5008]
[PID: 1092][C:\Program Files\Zcom\ZComService.exe]  [智通无限, 3.5.0.1]
    [C:\WINNT\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  [N/A, N/A]
    [C:\Program Files\Zcom\skin.dll]  [http://www.zcom.com/, 1.0.0.1]
    [C:\WINNT\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  [N/A, N/A]
[PID: 2064][C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe]  [Yahoo! China, 3, 1, 3, 1019]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 3, 1, 2, 1018]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 3, 1021]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  [yahoo! china, 3, 4, 1, 1092]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [Yahoo! China, 3, 0, 1, 1010]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\ynotifier.dll]  [yahoo! china, 3, 0, 1, 1001]
[PID: 2088][C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE]  [Microsoft Corporation, 5.00.3502.6602]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 3, 1021]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 3, 1, 2, 1018]
[PID: 2696][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2600.0000]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 3, 1021]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll]  [Yahoo! China, 3, 0, 0, 1000]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 3, 1, 2, 1018]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  [yahoo! china, 3, 4, 1, 1092]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [Yahoo! China, 3, 0, 1, 1010]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasnoad.dll]  [yahoo! china, 3, 0, 2, 1004]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yzsNetProto.dll]  [Yahoo! China, 3, 0, 1, 1002]
    [C:\DOCUME~1\lenovo\LOCALS~1\Temp\h5.dll]  [N/A, N/A]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  [Yahoo! China, 3, 0, 4, 1006]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll]  [Yahoo! China, 3, 0, 2, 1003]
    [c:\program files\google\googletoolbar2.dll]  [Google Inc., 4, 0, 1020, 3054]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll]  [yahoo! china, 3, 0, 3, 1004]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  [yahoo! china, 3, 0, 1, 1001]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_004.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\WINNT\system32\kakatool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 0, 9]
    [C:\WINNT\system32\Interner_Ex.dll]  [N/A, N/A]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll]  [Yahoo! China, 3, 1, 1, 1016]
    [c:\progra~1\yahoo!\assist~1\assist\yadfil~1.dll]  [Yahoo! China, 3, 0, 1, 1002]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrepair.dll]  [Yahoo! China, 3, 0, 7, 1010]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasfsks.dll]  [3721.com, 2, 1, 1, 87]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yoptimum.dll]  [Yahoo! China, 3, 0, 1, 1004]
    [C:\PROGRA~1\yahoo!\assistant\Shell\yAssecblk.dll]  [Yahoo! China, 3, 0, 5, 1007]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yxpstyle.dll]  [Yahoo! China, 3, 0, 0, 1000]
[PID: 6380][C:\Documents and Settings\lenovo\My Documents\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINNT\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  [N/A, N/A]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
202.75.218.253    www.hao123.com
202.75.218.253    www.7b.com.cn
202.75.218.253    www.7939.com
202.75.218.253    www.360safe.com
202.75.218.253    360safe.com
202.75.218.253    update.360safe.com
202.75.218.253    dl.360safe.com
202.75.218.253    bbs.360safe.com
202.75.218.253    count16.51yes.com
202.75.218.253    count18.51yes.com
202.75.218.253    count20.51yes.com
202.75.218.253    www.btbaicai.com
202.75.218.253    btbaicai.com
202.75.218.253    www.pctutu.com
202.75.218.253    www.7322.com
202.75.218.253    www.5566.net
202.75.218.253    www.9991.com
202.75.218.253    forum.ikaka.com
202.75.218.253    www.ikaka.com
202.75.218.253    www.piaoxue.com
202.75.218.253    forum.jiangmin.com
202.75.218.253    update.jiangmin.com
202.75.218.253    post.baidu.com
202.75.218.253    zhidao.baidu.com
202.75.218.253    update.rising.com.cn
202.75.218.253    online.rising.com.cn
202.75.218.253    dl.pconline.com.cn
202.75.218.253    space.uwants.com
202.75.218.253    www.pcav.cn
202.75.218.253    mopery.hits.io
202.75.218.253    www.goodmv.cn
202.75.218.253    www.5566.net
202.75.218.253    www.piaoxue.com
202.75.218.253    www.luosoft.com
202.75.218.253    luosoft.com
202.75.218.253    www.7255.com
202.75.218.253    dl.pconline.com.cn
202.75.218.253    www.spjoy.com
202.75.218.253    c01.caishow.com
202.75.218.253    c02.caishow.com
202.75.218.253    c03.caishow.com
202.75.218.253    c04.caishow.com
202.75.218.253    www.caishow.com
202.75.218.253    union.caishow.com
202.75.218.253    ad01.a8.com
202.75.218.253    ad02.a8.com
202.75.218.253    sg.a8.com
202.75.218.253    www.adanywhere.cn
202.75.218.253    ip.adanywhere.cn
202.75.218.253    ip1.adanywhere.cn
202.75.218.253    ip2.adanywhere.cn
202.75.218.253    www.bannerbox.cn
202.75.218.253    www.caiqiyue.com
202.75.218.253    toolsbar.kuaiso.com
202.75.218.253    www.kuaiso.com
202.75.218.253    www.2t2t.cn
202.75.218.253    3.a.kal.cn
202.75.218.253    ip.alexaanywhere.com
202.75.218.253    go.ipcenter.cn
202.75.218.253    www.2yin.cn
202.75.218.253    wwww.systeel.com.cn
202.75.218.253    go.baibaoxiang.cn
202.75.218.253    www.gao58.com
202.75.218.253    www.2tu.cn
202.75.218.253    www.91tu.cn
202.75.218.253    www.haotop.com
202.75.218.253    news01.virussky.com
202.75.218.253    news02.virussky.com
202.75.218.253    news03.virussky.com
202.75.218.253    news04.virussky.com
202.75.218.253    news40.virussky.com
202.75.218.253    news41.virussky.com
202.75.218.253    news42.virussky.com
202.75.218.253    www.an85.com
202.75.218.253    an85.com
202.75.218.253    www.ycdy.com
202.75.218.253    ycdy.com
202.75.218.253    down.virussky.com
202.75.218.253    update.virussky.com
202.75.218.253    www.maipao.com
202.75.218.253    www.sina-baidu.com
202.75.218.253    www.maohehe.com
202.75.218.253    www.1717kan.cn
202.75.218.253    www.feixue.net
202.75.218.253    www.xingkongitv.com
202.75.218.253    about-blank.cc
202.75.218.253    www.xfkz.com
202.75.218.253    xfkz.com
202.75.218.253    www.365tan.com
202.75.218.253    cg.9e3.com
202.75.218.253    www.qqplayer.net
202.75.218.253    www.sosok.com
202.75.218.253    img.zhangxiu.com
202.75.218.253    www.okeaa.com
202.75.218.253    www.winopen.cn
202.75.218.253    dnl-eu1.kaspersky-labs.com
202.75.218.253    dnl-eu2.kaspersky-labs.com
202.75.218.253    dnl-eu3.kaspersky-labs.com
202.75.218.253    dnl-eu4.kaspersky-labs.com
202.75.218.253    dnl-eu5.kaspersky-labs.com
202.75.218.253    dnl-us1.kaspersky-labs.com
202.75.218.253    dnl-us2.kaspersky-labs.com
202.75.218.253    dnl-us3.kaspersky-labs.com
202.75.218.253    dnl-us4.kaspersky-labs.com
202.75.218.253    dnl-us5.kaspersky-labs.com
202.75.218.253    dnl-ru1.kaspersky-labs.com
202.75.218.253    dnl-ru2.kaspersky-labs.com
202.75.218.253    dnl-ru3.kaspersky-labs.com
202.75.218.253    dnl-ru4.kaspersky-labs.com
202.75.218.253    dnl-ru5.kaspersky-labs.com
202.75.218.253    dnl-jp1.kaspersky-labs.com
202.75.218.253    dnl-jp2.kaspersky-labs.com
202.75.218.253    dnl-jp3.kaspersky-labs.com
202.75.218.253    dnl-jp4.kaspersky-labs.com
202.75.218.253    dnl-jp5.kaspersky-labs.com
202.75.218.253    dnl-kr1.kaspersky-labs.com
202.75.218.253    dnl-kr2.kaspersky-labs.com
202.75.218.253    dnl-kr3.kaspersky-labs.com
202.75.218.253    dnl-kr4.kaspersky-labs.com
202.75.218.253    dnl-kr5.kaspersky-labs.com
202.75.218.253    ishare.sina.com.cn

Run SREng2 (double-click it), click "Startup Items", then "Services", then "Drivers".
Tick "Hide verified Microsoft items" and select the malicious services:
00
138437
a0
R2A
Choose "Delete Service".
Click "Set" and choose "No".


Run SREng2 (double-click it), click "Startup Items", then "Services", then "Win32 Service Applications".
Tick "Hide Microsoft services" and select the malicious service:
GrayPigeon_Hacker.com.cn
Choose "Delete Service".
Click "Set" and choose "No".

Close all browser windows and any unnecessary programs.
Run SREng2, go to "Startup Items" -> "Registry", select the following items and delete them:
C:\WINNT\system32\rundll32.exe mont.dll
C:\WINNT\system32\vpcrm.exe
C:\WINNT\system32\DLMain.dll
C:\Program Files\Internet Explorer\InfoMs.tdm
C:\Program Files\Internet Explorer\PLUGINS\system.sys



Show hidden files.
Delete:
C:\WINNT\Hacker.com.cn.exe
C:\WINNT\System32\drivers\35287875.sys
C:\WINNT\System32\drivers\138437.sys
C:\WINNT\system32a2.sys
C:\WINNT\system32\mont.dll  (this one may also be at C:\WINNT\mont.dll)
C:\WINNT\system32\vpcrm.exe
C:\WINNT\system32\DLMain.dll
C:\Program Files\Internet Explorer\InfoMs.tdm
C:\Program Files\Internet Explorer\PLUGINS\system.sys
C:\DOCUME~1\lenovo\LOCALS~1\Temp\h5.dll
C:\WINNT\system32\Interner_Ex.dll


In C:\WINDOWS\system32\drivers\etc, open the HOSTS file with Notepad, clear its contents,
leave only this line: 127.0.0.1      localhost, and save.
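An added example, not part of this thread and not SREng's or the replier's code, that automates the HOSTS check the reply describes. It parses a HOSTS file, groups every hostname that is mapped to a non-loopback address by destination IP (a block of antivirus and update domains all pointing at one outside address, as in the posted log, is the pattern to look for), and writes a cleaned copy. It goes slightly beyond the reply: rather than emptying the file, it keeps entries that point at loopback or 0.0.0.0, since those cannot redirect traffic anywhere, and guarantees the localhost line is present. The sample content is constructed, modelled on the posted file; the command-line path argument is an assumption.

```python
"""Audit a Windows HOSTS file for redirected entries and build a cleaned copy.

Added example (not from the forum post or from SREng). The threat it targets is the
one visible in the thread: dozens of security-vendor hostnames pinned to a single
outside IP so updates and help sites never resolve correctly.
"""
import sys
import ipaddress
from collections import defaultdict

# Constructed sample in the shape of the HOSTS file posted above (not the real file).
SAMPLE_HOSTS = """\
127.0.0.1      localhost
202.75.218.253    www.360safe.com
202.75.218.253    update.rising.com.cn
202.75.218.253    dnl-eu1.kaspersky-labs.com
# a comment line that must be ignored
0.0.0.0   ads.example.invalid   # constructed blocklist-style entry (harmless)
202.75.218.253    update.360safe.com
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs, one per hostname on a line.

    Comments (from '#' to end of line) and blank or malformed lines are skipped,
    matching how the resolver itself reads the file.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, hosts = parts[0], parts[1:]
        for host in hosts:
            yield ip, host.lower()


def is_harmless_target(ip):
    """True for loopback (127.x.x.x, ::1) and the unspecified address (0.0.0.0).

    These are the only targets a HOSTS entry normally has on a clean home machine:
    they self-resolve or block, they never send traffic to a third party.
    """
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable target: treat as suspicious
    return addr.is_loopback or addr.is_unspecified


def find_redirects(text):
    """Return {destination_ip: sorted hostnames} for every entry that points off-box."""
    redirects = defaultdict(set)
    for ip, host in parse_hosts(text):
        if not is_harmless_target(ip):
            redirects[ip].add(host)
    return {ip: sorted(hosts) for ip, hosts in redirects.items()}


def clean_hosts(text):
    """Return HOSTS content with every redirecting entry removed.

    Loopback / 0.0.0.0 entries survive (deduplicated), and the localhost line is
    inserted first if the original file lost it.
    """
    kept, seen = [], set()
    for ip, host in parse_hosts(text):
        if is_harmless_target(ip) and (ip, host) not in seen:
            seen.add((ip, host))
            kept.append(f"{ip}\t{host}")
    if ("127.0.0.1", "localhost") not in seen:
        kept.insert(0, "127.0.0.1\tlocalhost")
    return "\n".join(kept) + "\n"


def main(argv):
    # Assumed usage: optional path to a HOSTS file; with no argument the sample is used.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for ip, hosts in sorted(find_redirects(text).items()):
        print(f"{len(hosts)} hostname(s) redirected to {ip}:")
        for host in hosts:
            print("   ", host)
    sys.stdout.write("\n--- cleaned HOSTS ---\n" + clean_hosts(text))


if __name__ == "__main__":
    main(sys.argv)
```

Run it with the path of the HOSTS file to audit (on the poster's Windows 2000 machine that would be under C:\WINNT\system32\drivers\etc), or with no argument to see the report for the constructed sample. The report groups by destination IP on purpose: one address collecting many unrelated vendor domains is a far stronger signal than any single entry, and that grouping is what a quick look at a long file tends to miss.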