1   1  /  1  页   跳转

【求助】如何清除Ghook.dll

收藏
DanceWolf
头像
初生襁褓狮
  • 帖子:14
  • 注册: 2007-04-19
  • 来自:
发表于: 2007-04-27 11:14 | 只看楼主 短消息 资料
字号: 1楼

【求助】如何清除Ghook.dll

如何清除Ghook.dll,瑞星及卡卡都不能清除
最后编辑2007-05-01 11:33:12
分享到:
gototop
 
newcenturymoon
头像
社区嘉宾
  • 帖子:15158
  • 注册: 2005-08-03
  • 来自:
论坛8周年活动礼物幸运草
发表于: 2007-04-27 11:31 | 短消息 资料
字号: 2楼

下载 System Repair Engineer,
http://www.kztechs.com/sreng/download.html
1 解压缩sreng2.zip
2 运行SREng.exe
3 智能扫描=》扫描=》保存报告
4 把日志中的报告完整拷贝贴上来,不要修改
gototop
 
DanceWolf
头像
初生襁褓狮
  • 帖子:14
  • 注册: 2007-04-19
  • 来自:
发表于: 2007-05-01 11:38 | 只看楼主 短消息 资料
字号: 3楼

[CODE]

2007-05-01,11:22:45

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 非管理权限用户 - 受限功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <4cy4><C:\DOCUME~1\public\LOCALS~1\Temp\iexpl0re.exe>  []
    <qylq1m9xb5b><C:\DOCUME~1\public\LOCALS~1\Temp\crasos.exe>  []
    <m><C:\DOCUME~1\public\LOCALS~1\Temp\Servera.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Publisher]
    <runeip><D:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  []
    <RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system>  []
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)"RealNetworks, Inc."]
    <Exprer><C:\WINDOWS\Exprer.exe>  []
    <UserFaultCheck><%systemroot%\system32\dumprep 0 -u>  [N/A]
    <nwizAskTao><C:\WINDOWS\system32\nwizAskTao.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><D:\Program Files\Rising\AntiSpyware\RunOnce.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
N/A

==================================
服务
[局域网通讯协议 / Hello World][Stopped/Auto Start]
  <C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.EXE><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <d:\program files\rising\rfw\rfwproxy.exe><N/A>
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
  <d:\program files\rising\rfw\rfwsrv.exe><N/A>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
  <"D:\Program Files\Rising\Rav\CCenter.exe"><N/A>
[RsRavMon Service / RsRavMon][Stopped/Auto Start]
  <"D:\Program Files\Rising\Rav\Ravmond.exe"><N/A>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[phogl / phogl][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\phogl.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/System Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[IeHelper Class]
  {0D42E1BD-09DD-4873-A826-9C7E793EB7B6} <D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DSIeHelper.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {54EBD539-9BC1-480B-966A-843A333CA162} <D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[IeHelper Class]
  {0D42E1BD-09DD-4873-A826-9C7E793EB7B6} <D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DSIeHelper.dll, Thunder Networking Technologies,LTD>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {54EBD539-9BC1-480B-966A-843A333CA162} <D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
  <D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
gototop
 
DanceWolf
头像
初生襁褓狮
  • 帖子:14
  • 注册: 2007-04-19
  • 来自:
发表于: 2007-05-01 11:42 | 只看楼主 短消息 资料
字号: 4楼

==================================
正在运行的进程
[PID: 6008][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Exprer.dll]  [N/A, ]
    [C:\WINDOWS\system32\nwizAskTao.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 17]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\DOCUME~1\public\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\DOCUME~1\public\LOCALS~1\Temp\Msxo1.dll]  [N/A, ]
    [C:\DOCUME~1\public\LOCALS~1\Temp\Kavs1.dll]  [N/A, ]
[PID: 6024][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
[PID: 1064][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.05]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
[PID: 2620][C:\WINDOWS\system32\igfxtray.exe]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
[PID: 4320][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\igfxhk.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
[PID: 4252][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3760]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
[PID: 4348][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
[PID: 4992][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.0.4]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 17]
    [D:\Program Files\Tencent\QQ\QQIEHelper.dll]  [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
    [C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll]  [Microsoft Corporation, 4.000.249.1]
    [C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll]  [Microsoft Corporation, 4.000.249.1]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
[PID: 4984][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.0.4]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 17]
    [D:\Program Files\Tencent\QQ\QQIEHelper.dll]  [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
    [C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll]  [Microsoft Corporation, 4.000.249.1]
    [C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll]  [Microsoft Corporation, 4.000.249.1]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
[PID: 5016][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
[PID: 6152][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
[PID: 6452][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.0.4]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 17]
    [D:\Program Files\Tencent\QQ\QQIEHelper.dll]  [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
    [C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll]  [Microsoft Corporation, 4.000.249.1]
    [C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll]  [Microsoft Corporation, 4.000.249.1]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [D:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
[PID: 6708][C:\WINDOWS\SysSun2\svchost.exe]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 6716][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
[PID: 6824][C:\WINDOWS\Syswl3\svchost.exe]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
[PID: 6848][C:\WINDOWS\Syswm7\svchost.exe]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
[PID: 6856][C:\WINDOWS\Syssj5\svchost.exe]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
[PID: 8004][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.0.4]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 17]
    [D:\Program Files\Tencent\QQ\QQIEHelper.dll]  [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
    [C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll]  [Microsoft Corporation, 4.000.249.1]
    [C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll]  [Microsoft Corporation, 4.000.249.1]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
gototop
 
DanceWolf
头像
初生襁褓狮
  • 帖子:14
  • 注册: 2007-04-19
  • 来自:
发表于: 2007-05-01 11:43 | 只看楼主 短消息 资料
字号: 5楼

[PID: 8064][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
[PID: 8168][C:\WINDOWS\Sysfy4\svchost.exe]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
[PID: 8176][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.0.4]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 17]
    [D:\Program Files\Tencent\QQ\QQIEHelper.dll]  [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
    [C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll]  [Microsoft Corporation, 4.000.249.1]
    [C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll]  [Microsoft Corporation, 4.000.249.1]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [D:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
[PID: 4456][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.0.4]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 17]
    [D:\Program Files\Tencent\QQ\QQIEHelper.dll]  [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
    [C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll]  [Microsoft Corporation, 4.000.249.1]
    [C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll]  [Microsoft Corporation, 4.000.249.1]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
[PID: 4684][C:\WINDOWS\SysJT4\svchost.exe]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
[PID: 604][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
[PID: 4872][F:\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\Exprer.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\DOCUME~1\public\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\DOCUME~1\public\LOCALS~1\Temp\Msxo1.dll]  [N/A, ]
    [C:\DOCUME~1\public\LOCALS~1\Temp\Kavs1.dll]  [N/A, ]
[PID: 6264][C:\WINDOWS\system32\SysJ2\svchost.exe]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
[PID: 6364][C:\WINDOWS\system32\SysJ2\svchost.exe]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
[PID: 6256][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.0.4]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 17]
    [D:\Program Files\Tencent\QQ\QQIEHelper.dll]  [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
    [C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll]  [Microsoft Corporation, 4.000.249.1]
    [C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll]  [Microsoft Corporation, 4.000.249.1]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [D:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 6796][C:\WINDOWS\Syswm7\svchost.exe]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
[PID: 6804][C:\WINDOWS\SysSun2\svchost.exe]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 6816][C:\WINDOWS\Syssj5\svchost.exe]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
[PID: 6700][C:\WINDOWS\Syswl3\svchost.exe]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
[PID: 6868][C:\Program Files\Common Files\Microsoft Shared\Web Folders\TempH.exe]  [N/A, ]
[PID: 6896][C:\Program Files\Common Files\Microsoft Shared\Web Folders\SVCHOST.EXE]  [N/A, ]
[PID: 6644][C:\WINDOWS\system32\cmd.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1      mmm.caifu18.net
127.0.0.1      www.18dmm.com
127.0.0.1      d.qbbd.com
127.0.0.1      www.5117music.com
127.0.0.1      www.union123.com
127.0.0.1      www.wu7x.cn
127.0.0.1      www.54699.com
127.0.0.1      www1.6tan.com
127.0.0.1      www2.6tan.com
127.0.0.1      www.97725.com
127.0.0.1      down.97725.com
127.0.0.1      ip.315hack.com
127.0.0.1      ip.54liumang.com
127.0.0.1      www.41ip.com
127.0.0.1      xulao.com
127.0.0.1      www.heixiou.com
127.0.0.1      www.9cyy.com
127.0.0.1      www.hunll.com
127.0.0.1      www.down.hunll.com
127.0.0.1      do.77276.com
127.0.0.1      www.baidulink.com
127.0.0.1      adnx.yygou.cn
127.0.0.1      222.73.220.45
127.0.0.1      www.f5game.com
127.0.0.1      www.guazhan.cn
127.0.0.1      wm,103715.com
127.0.0.1      www.my6688.cn
127.0.0.1      i.96981.com
127.0.0.1      d.77276.com
127.0.0.1      www1.cw988.cn
127.0.0.1      cool.47555.com
127.0.0.1      www.asdwc.com
127.0.0.1      55880.cn
127.0.0.1      61.152.169.234
127.0.0.1      cc.wzxqy.com
127.0.0.1      www.54699.com
127.0.0.1      t.gcuj.com
127.0.0.1      www.puma163.com
127.0.0.1      ceoww.com
127.0.0.1      boolom.com
127.0.0.1      adult-novel.cn
127.0.0.1      ll.chinasese.net
127.0.0.1      www.tellumore.com
127.0.0.1      www.o1wg.com
127.0.0.1      www.qq756.com
127.0.0.1      ll.chinasese.net

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT