Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board
[Help] win32.Hack.NsAnti.eb.43611 can never be removed for good. Please help me look at my log

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <swg><C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe>  [(Verified)Google Inc]
    <KavPFW><"C:\KAV2007\KPFW32.EXE">  [Kingsoft Corporation]
    <ravshell><C:\Progra~1\Eset\1explore.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <LHotkey><LHotkey.exe>  [Chicony]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <KavStart><"C:\KAV2007\KAVStart.exe" -startup>  [Kingsoft Corporation]
    <WebThunder><E:\WEB\web迅雷\WebThunder.exe>  [(Verified)ShenZhen Thunder Networking Technologies Ltd.]
    <ztsa><C:\DOCUME~1\new\LOCALS~1\Temp\ztso.exe>  []
    <qjsa><C:\DOCUME~1\new\LOCALS~1\Temp\qjso.exe>  []
    <shualai><C:\WINDOWS\shualai.exe /i>  []
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  []
    <winform><C:\WINDOWS\winform.exe>  []
    <mppds><C:\WINDOWS\mppds.exe>  []
    <msccrt><C:\WINDOWS\msccrt.exe>  []
    <Kvsc3><C:\WINDOWS\Kvsc3.exe>  []
    <WinXPService><C:\WINDOWS\system32\nero.exe>  [mIRC Co. Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\Userinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{42A612A4-4334-4424-4234-42261A31A236}><C:\WINDOWS\system32\pdkpri.dll>  []
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\BLISS.SCR>  [Microsoft]

==================================
启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\new\「开始」菜单\程序\启动\腾讯QQ.lnk --> F:\QQ2007\2007qq\QQ.exe [TENCENT]><N>

==================================
服务
[Automatic / Automatic][Running/Auto Start]
  <C:\Program Files\msn\msn.cc><N/A>
[CoolWare / CoolWare][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\struts.dll><N/A>
[DNS Clisent / DNS Clisent][Stopped/Auto Start]
  <C:\SNOWTEST\System32\RaV.exe><N/A>
[F1959A0A / F1959A0A][Stopped/Auto Start]
  <C:\WINDOWS\system32\2DE760.EXE -d><Microsoft Corporation>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
  <"C:\KAV2007\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
  <C:\KAV2007\KWatch.EXE><Kingsoft Corporation>
[Windows lxnq RunThem / lxnq][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\gsil\qcsv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Serv-U FTP Server / Serv-U][Running/Auto Start]
  <C:\WINDOWS\system32\MSupdate.exe><N/A>
[System Updater Server / System Updater Server][Running/Auto Start]
  <C:\Program Files\Common Files\Bitoot><N/A>
[Universal Plug and Play Device / Universal Plug and Play Device][Stopped/Auto Start]
  <C:\Program Files\ATI Technologies\ATI.ACE\Data\ati><N/A>
[UpdataServer / UpdataServer][Stopped/Auto Start]
  <C:\Program Files\Common Files\Service><N/A>
Last edited 2007-05-06 20:43:29.577000000

[使用影音传送带下载]
  <C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
  <C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <F:\QQ2007\2007qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <F:\QQ2007\2007qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <F:\QQ2007\2007qq\SendMMS.htm, N/A>
[金山毒霸反钓鱼...]
  <C:\KAV2007\KAF\ShowSet.htm, N/A>

==================================
正在运行的进程
[PID: 592][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 648][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 672][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1520][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\pdkpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\DOCUME~1\new\LOCALS~1\Temp\qjso0.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\ztso0.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
    [C:\WINDOWS\system32\shualai.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Acrobatchs\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Acrobatchs\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.7184]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.7184]
    [C:\WINDOWS\system32\nvshell.dll]  [NVIDIA Corporation, 6.14.10.10035]
    [C:\WINDOWS\HKNTDLL.dll]  [N/A, ]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\WINDOWS\system32\IMSC40A.IME]  [Microsoft Corporation, 6.0.0.2527]
[PID: 1816][C:\WINDOWS\system32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NvMcTray.dll]  [NVIDIA Corporation, 6.14.10.7184]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.7184]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
[PID: 1824][C:\WINDOWS\LHotkey.exe]  [Chicony, 1. 0. 0. 1]
    [C:\WINDOWS\HKNTDLL.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
[PID: 1832][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.34]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
[PID: 1864][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
[PID: 1872][C:\KAV2007\KAVStart.exe]  [Kingsoft Corporation, 2007, 4, 9, 269]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [C:\KAV2007\SvcTimer.DLL]  [Kingsoft Corporation, 2006.12.22.84]
    [C:\KAV2007\PopSprt3.dll]  [Kingsoft Corporation, 2007, 1, 16, 45]
    [C:\KAV2007\KAVPassp.dll]  [Kingsoft Corporation, 2006, 12, 30, 271]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
[PID: 1884][E:\WEB\web迅雷\WebThunder.exe]  [深圳市迅雷网络技术有限公司, 1, 7, 2, 107]
    [E:\WEB\web迅雷\taskmanage.dll]  [Thunder Networking Technologies,LTD, 1, 7, 2, 107]
    [E:\WEB\web迅雷\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 14, 2, 79]
    [E:\WEB\web迅雷\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [E:\WEB\web迅雷\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 14, 2, 79]
    [E:\WEB\web迅雷\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 13, 4, 58]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [E:\WEB\web迅雷\historyinfo_manage.dll]  [Thunder Networking Technologies,LTD, 5, 3, 0, 228]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [E:\WEB\web迅雷\iEmbedShell.dll]  [ , 1, 0, 0, 17]
    [E:\WEB\web迅雷\iEmbed09.dll]  [ , 3, 3, 0, 78]
[PID: 1908][C:\WINDOWS\shualai.exe]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\shualai.dll]  [N/A, ]
[PID: 244][C:\KAV2007\KMailMon.EXE]  [Kingsoft Corporation, 2007, 2, 25, 948]
    [C:\KAV2007\KAntiSpm.dll]  [Kingsoft Corporation, 2007, 2, 25, 129]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [C:\KAV2007\KAECall2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 7]
    [C:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2007, 2, 4, 61]
    [C:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [C:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corp., 2007, 3, 12, 114]
    [C:\KAV2007\KAConfig.DLL]  [Kingsoft Corporation, 2007, 1, 11, 41]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 480][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 496][C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe]  [Google Inc., 1, 2, 1128, 5462]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\res_zh-CN.dll]  [Google Inc., 1, 2, 1128, 5462]
    [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\swg.dll]  [Google Inc., 1, 2, 1128, 5462]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 504][C:\KAV2007\KPFW32.EXE]  [Kingsoft Corporation, 2007, 2, 2, 687]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [C:\KAV2007\KAConfig.DLL]  [Kingsoft Corporation, 2007, 1, 11, 41]
    [C:\KAV2007\FiltList.dll]  [N/A, ]
    [C:\KAV2007\KAVPassp.DLL]  [Kingsoft Corporation, 2006, 12, 30, 271]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 512][C:\Progra~1\Eset\1explore.exe]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2836][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3572][F:\Program Files\2.4.12.806 版本\STRENG\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\qjso0.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\ztso0.dll]  [N/A, ]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\shualai.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1        localhost
127.0.0.1        popwin.9983.com
61.152.169.246    www.kuaiso.com
61.152.169.246    www.my6688.cn
61.152.169.246    www.union123.com
61.152.169.246    www.ktan.cn
61.152.169.246    www.2t2t.cn
61.152.169.246    www.cq530.com
61.152.169.246    www.365tc.com
61.152.169.246    ad.qucha.net
61.152.169.246    www.tan8.cn
61.152.169.246    www.itjj.net
61.152.169.246    www.start188.com
61.152.169.246    www.at58.cn
61.152.169.246    union.yxad.com
61.152.169.246    www.iptan.com
61.152.169.246    www.ip2008.net
61.152.169.246    www.yqif.com
61.152.169.246    www.2t2t.cn
61.152.169.246    www.17tan8.com
61.152.169.246    17tan8.com
61.152.169.246    www.688ip.com
61.152.169.246    www.17tc.com
61.152.169.246    www.zztan.com
61.152.169.246    www.5tanip.com
61.152.169.246    www.16tc.com
61.152.169.246    www.163se.net
61.152.169.246    www.724tc.com
61.152.169.246    www1.6tan.com
61.152.169.246    www2.6tan.com
61.152.169.246    www.6tan.com
61.152.169.246    quxiuu.com
61.152.169.246    www.quxiuu.com
61.152.169.246    www.23b.cn
61.152.169.246    www.ookkw.com
61.152.169.246    www.97725.com
61.152.169.246    down.97725.com
61.152.169.246    www.54699.com
61.152.169.246    web.77276.com
61.152.169.246    www.77276.com
61.152.169.246    d.77276.com
61.152.169.246    do.77276.com
61.152.169.246    i.96981.com
61.152.169.246    wm.103715.com
61.152.169.246    www.138505.com
61.152.169.246    cool.47555.com
61.152.169.246    www.437799.com
61.152.169.246    www.168080.com
61.152.169.246    w.168080.com
61.152.169.246    q.168080.com
61.152.169.246    www.baidu8.org
61.152.169.246    d.qbbd.com
61.152.169.246    w.qbbd.com
61.152.169.246    www.npjxjy.com
61.152.169.246    www.wwwlm.net
61.152.169.246    new2.jixie123.cn
61.152.169.246    www.18dmm.com
61.152.169.246    www.souxse.cn
61.152.169.246    dm1.yiall.com
61.152.169.246    www.nze21.com
61.152.169.246    www.puma163.com
61.152.169.246    www.hyap98.com
61.152.169.246    www.51liulan.cn
61.152.169.246    s.gcuj.com
61.152.169.246    long.down988.cn
61.152.169.246    x.vvcyin.com
61.152.169.246    w.vvcyin.com
61.152.169.246    cc.wzxqy.com
61.152.169.246    ip.315hack.com
61.152.169.246    ip.54liumang.com
61.152.169.246    www.41ip.com
61.152.169.246    xulao.com
61.152.169.246    www.xulao.com
61.152.169.246    www.heixiou.com
61.152.169.246    www.9cyy.com
61.152.169.246    adnx.yygou.cn
61.152.169.246    www1.cw988.cn
61.152.169.246    www2.cw988.cn
61.152.169.246    www.asdwc.com
61.152.169.246    ceoww.com
61.152.169.246    boolom.com
61.152.169.246    www.boolom.com
61.152.169.246    www.tellumore.com
61.152.169.246    www.o1wg.com
61.152.169.246    www.qq756.com
61.152.169.246    ll.chinasese.net
61.152.169.246    www.cnwangmeng.cn
61.152.169.246    0.82211.net
61.152.169.246    rising.whatthishome.com
61.152.169.246    www.canqiou.com
61.152.169.246    www.if56.cn
61.152.169.246    woai777.com
61.152.169.246    www.cz-kc.com
61.152.169.246    www.f1ash8.net
61.152.169.246    new.hackpp.com
61.152.169.246    ad.taoip.cn
61.152.169.246    www.game53.com
61.152.169.246    up.boolom.com
61.152.169.246    t.gcuj.com
61.152.169.246    w.zpx520.com
61.152.169.246    www.08325.cn
61.152.169.246    d.fangni.net
61.152.169.246    psxiaokan1.mei7.com
61.152.169.246    jd.54liumang.com
61.152.169.246    www.ipvip.info
61.152.169.246    www.tao168188.com

==================================
API HOOK
入口点错误:LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: C:\KAV2007\KASocket.dll)

==================================
隐藏进程
    [188] C:\Program Files\msn\msn.cc
    [2644] C:\Program Files\Common Files\Bitoot

==================================



[Reply to the post by "不一样的黑客"] Some of them can't be deleted, and they keep generating new files.

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <swg><C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe>  [(Verified)Google Inc]
    <KavPFW><"C:\KAV2007\KPFW32.EXE">  [Kingsoft Corporation]
    <ravshell><C:\Progra~1\Eset\1explore.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Publisher]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <LHotkey><LHotkey.exe>  [Chicony]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <KavStart><"C:\KAV2007\KAVStart.exe" -startup>  [Kingsoft Corporation]
    <WebThunder><E:\WEB\web迅雷\WebThunder.exe>  [(Verified)ShenZhen Thunder Networking Technologies Ltd.]
    <ztsa><C:\DOCUME~1\new\LOCALS~1\Temp\ztso.exe>  []
    <qjsa><C:\DOCUME~1\new\LOCALS~1\Temp\qjso.exe>  []
    <shualai><C:\WINDOWS\shualai.exe /i>  []
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  []
    <winform><C:\WINDOWS\winform.exe>  []
    <mppds><C:\WINDOWS\mppds.exe>  []
    <msccrt><C:\WINDOWS\msccrt.exe>  []
    <Kvsc3><C:\WINDOWS\Kvsc3.exe>  []
    <WinXPService><C:\WINDOWS\system32\nero.exe>  [mIRC Co. Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\Userinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{42A612A4-4334-4424-4234-42261A31A236}><C:\WINDOWS\system32\pdkpri.dll>  []
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\BLISS.SCR>  [Microsoft]

==================================
启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\new\「开始」菜单\程序\启动\腾讯QQ.lnk --> F:\QQ2007\2007qq\QQ.exe [TENCENT]><N>

==================================
服务
[Automatic / Automatic][Running/Auto Start]
  <C:\Program Files\msn\msn.cc><N/A>
[CoolWare / CoolWare][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\struts.dll><N/A>
[DNS Clisent / DNS Clisent][Stopped/Auto Start]
  <C:\SNOWTEST\System32\RaV.exe><N/A>
[F1959A0A / F1959A0A][Stopped/Auto Start]
  <C:\WINDOWS\system32\2DE760.EXE -d><Microsoft Corporation>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
  <"C:\KAV2007\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
  <C:\KAV2007\KWatch.EXE><Kingsoft Corporation>
[Windows lxnq RunThem / lxnq][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\gsil\qcsv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Serv-U FTP Server / Serv-U][Paused/Auto Start]
  <C:\WINDOWS\system32\MSupdate.exe><N/A>
[System Updater Server / System Updater Server][Running/Auto Start]
  <C:\Program Files\Common Files\Bitoot><N/A>
[Universal Plug and Play Device / Universal Plug and Play Device][Stopped/Auto Start]
  <C:\Program Files\ATI Technologies\ATI.ACE\Data\ati><N/A>
[UpdataServer / UpdataServer][Stopped/Auto Start]
  <C:\Program Files\Common Files\Service><N/A>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[VIA Rhine-Family Fast Ethernet Adapter Driver Service / FETND5BV][Running/Manual Start]
  <system32\DRIVERS\fetnd5bv.sys><VIA Technologies, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[HWiNFO32 Kernel Driver / HWiNFO32][Running/Auto Start]
  <\??\C:\Program Files\HWiNFO32\HWiNFO32.SYS><REALiX(tm)>
[king001 / king001][Stopped/Manual Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xpe.sys><N/A>
[KNetWch / KNetWch][Running/System Start]
  <\??\C:\KAV2007\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[MegaIDE / MegaIDE][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\D:\Program Files\QQ2005\npkcrypt.sys><N/A>
[NTSIM / NTSIM][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\ntsim.sys><VIA Networking Technologies, Inc.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[oreans32 / oreans32][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\oreans32.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Acrobatchs\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[CBrowseStakeout Class]
  {55302805-482E-470E-8A57-6795A1487F90} <C:\KAV2007\KAVAFish.DLL, Kingsoft Corporation>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <F:\迅雷 V5.5.5.269\xunlei55\Thunder.exe, Thunder Networking Technologies,LTD>
[微软]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.microsoft.com/china/index.htm, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <F:\QQ2007\2007qq\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <d:\Program Files\QQ2005\QQIEHelper.dll, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\KAV2007\Flash.OCX, Macromedia, Inc.>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Acrobatchs\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[CBrowseStakeout Class]
  {55302805-482E-470E-8A57-6795A1487F90} <C:\KAV2007\KAVAFish.DLL, Kingsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\KAV2007\Flash.OCX, Macromedia, Inc.>
[&使用迅雷下载]
  <F:\迅雷 V5.5.5.269\xunlei55\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <F:\迅雷 V5.5.5.269\xunlei55\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <F:\QQ2007\2007qq\AddToNetDisk.htm, N/A>
[使用Web迅雷下载]
  <E:\WEB\web迅雷\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <E:\WEB\web迅雷\GetAllUrl.htm, N/A>
[使用影音传送带下载]
  <C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
  <C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <F:\QQ2007\2007qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <F:\QQ2007\2007qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <F:\QQ2007\2007qq\SendMMS.htm, N/A>
[金山毒霸反钓鱼...]
  <C:\KAV2007\KAF\ShowSet.htm, N/A>

==================================
正在运行的进程
[PID: 592][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 648][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 672][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 716][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 728][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 888][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1520][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\pdkpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\DOCUME~1\new\LOCALS~1\Temp\qjso0.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\ztso0.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
    [C:\WINDOWS\system32\shualai.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Acrobatchs\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\WINDOWS\HKNTDLL.dll]  [N/A, ]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\WINDOWS\system32\IMSC40A.IME]  [Microsoft Corporation, 6.0.0.2527]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Acrobatchs\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\KAV2007\KAVEXT.DLL]  [Kingsoft Corporation, 2005, 8, 5, 16]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
[PID: 1816][C:\WINDOWS\system32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NvMcTray.dll]  [NVIDIA Corporation, 6.14.10.7184]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.7184]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
[PID: 1824][C:\WINDOWS\LHotkey.exe]  [Chicony, 1. 0. 0. 1]
    [C:\WINDOWS\HKNTDLL.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
[PID: 1832][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.34]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
[PID: 1864][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
[PID: 1872][C:\KAV2007\KAVStart.exe]  [Kingsoft Corporation, 2007, 4, 9, 269]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [C:\KAV2007\SvcTimer.DLL]  [Kingsoft Corporation, 2006.12.22.84]
    [C:\KAV2007\PopSprt3.dll]  [Kingsoft Corporation, 2007, 1, 16, 45]
    [C:\KAV2007\KAVPassp.dll]  [Kingsoft Corporation, 2006, 12, 30, 271]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\qjso0.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\ztso0.dll]  [N/A, ]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\shualai.dll]  [N/A, ]
[PID: 1884][E:\WEB\web迅雷\WebThunder.exe]  [深圳市迅雷网络技术有限公司, 1, 7, 2, 107]
    [E:\WEB\web迅雷\taskmanage.dll]  [Thunder Networking Technologies,LTD, 1, 7, 2, 107]
    [E:\WEB\web迅雷\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 14, 2, 79]
    [E:\WEB\web迅雷\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [E:\WEB\web迅雷\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 14, 2, 79]
    [E:\WEB\web迅雷\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 13, 4, 58]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [E:\WEB\web迅雷\historyinfo_manage.dll]  [Thunder Networking Technologies,LTD, 5, 3, 0, 228]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [E:\WEB\web迅雷\iEmbedShell.dll]  [ , 1, 0, 0, 17]
    [E:\WEB\web迅雷\iEmbed09.dll]  [ , 3, 3, 0, 78]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\qjso0.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\ztso0.dll]  [N/A, ]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\shualai.dll]  [N/A, ]
[PID: 1908][C:\WINDOWS\shualai.exe]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\shualai.dll]  [N/A, ]
[PID: 244][C:\KAV2007\KMailMon.EXE]  [Kingsoft Corporation, 2007, 2, 25, 948]
    [C:\KAV2007\KAntiSpm.dll]  [Kingsoft Corporation, 2007, 2, 25, 129]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [C:\KAV2007\KAECall2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 7]
    [C:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2007, 2, 4, 61]
    [C:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [C:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corp., 2007, 3, 12, 114]
    [C:\KAV2007\KAConfig.DLL]  [Kingsoft Corporation, 2007, 1, 11, 41]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 480][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 496][C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe]  [Google Inc., 1, 2, 1128, 5462]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\res_zh-CN.dll]  [Google Inc., 1, 2, 1128, 5462]
    [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\swg.dll]  [Google Inc., 1, 2, 1128, 5462]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 504][C:\KAV2007\KPFW32.EXE]  [Kingsoft Corporation, 2007, 2, 2, 687]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [C:\KAV2007\KAConfig.DLL]  [Kingsoft Corporation, 2007, 1, 11, 41]
    [C:\KAV2007\FiltList.dll]  [N/A, ]
    [C:\KAV2007\KAVPassp.DLL]  [Kingsoft Corporation, 2006, 12, 30, 271]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\qjso0.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\ztso0.dll]  [N/A, ]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\shualai.dll]  [N/A, ]
[PID: 512][C:\Progra~1\Eset\1explore.exe]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2836][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2796][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\qjso0.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\ztso0.dll]  [N/A, ]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\shualai.dll]  [N/A, ]
    [C:\WINDOWS\system32\pdkpri.dll]  [N/A, ]
[PID: 2996][C:\DOCUME~1\new\LOCALS~1\Temp\Rar$EX00.890\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\qjso0.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\ztso0.dll]  [N/A, ]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\shualai.dll]  [N/A, ]

==================================
File associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS file

==================================
API HOOK
入口点错误:LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: C:\KAV2007\KASocket.dll)

==================================
Hidden processes
    [188] C:\Program Files\msn\msn.cc
    [2644] C:\Program Files\Common Files\Bitoot

==================================