收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 原创工具区 Trojan-Downloader.win32.Aqent.elo 如何杀?
返回列表 发新帖
查看: 3313|回复: 7
收起左侧

Trojan-Downloader.win32.Aqent.elo 如何杀?

[复制链接]
hzfjm
发表于 2007-11-2 16:02:26 | 显示全部楼层 |阅读模式
我的电脑中了上述病毒,卡巴斯基总是没有办法杀掉。在中天论坛看到可以杀掉的方法,自己看不懂,请高手帮忙。我电脑上有srengps.exe 软件和powerrmv.exe软件。
回复

举报

hzfjm
 楼主| 发表于 2007-11-2 16:10:00 | 显示全部楼层
[CODE]
2007-11-02,16:03:21
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]
    <hpWirelessAssistant><C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe>  [Hewlett-Packard Development Company, L.P.]
    <High Definition Audio Property Page Shortcut><CHDAudPropShortcut.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <igfxtray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <igfxpers><C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <QPService><"C:\Program Files\HP\QuickPlay\QPService.exe">  [CyberLink Corp.]
    <QlbCtrl><%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start>  [ Hewlett-Packard Development Company, L.P.]
    <BigDogPath><C:\WINDOWS\VM_STI.EXE Webeye USB PC Camera>  [N/A]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <kav><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <WebThunder><C:\Program Files\Thunder Network\WebThunder\WebThunder.exe>  [(Verified)ShenZhen Thunder Networking Technologies Ltd.]
    <HP Software Update><C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe>  [(Verified)Hewlett-Packard Company]
    <IdnSvr><C:\Program Files\OCINS\idnsvr.exe>  [(Verified)China Internet Network Information Center]
    <KillTrojanMaster><C:\Program Files\木马专杀大师\木马专杀大师.exe>  [木马专杀大师]
    <UnlockerAssistant><"C:\Program Files\Unlocker\UnlockerAssistant.exe">  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
==================================
启动文件夹
[Zcom 杂志订阅器]
  <C:\Documents and Settings\appleapple\「开始」菜单\程序\启动\Zcom 杂志订阅器.lnk --> C:\PROGRA~1\Zcom\E-Space.exe [智通无限]><N>
[腾讯QQ]
  <C:\Documents and Settings\appleapple\「开始」菜单\程序\启动\腾讯QQ.lnk --> F:\qq\QQ.exe [TENCENT]><N>
==================================
服务
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[卡巴斯基反病毒6.0 / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[hpqwmiex / hpqwmiex][Running/Auto Start]
  <C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe><Hewlett-Packard Development Company, L.P.>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[LightScribeService Direct Disc Labeling Service / LightScribeService][Running/Auto Start]
  <"C:\Program Files\Common Files\LightScribe\LSSrvc.exe"><Hewlett-Packard Company>
[System Event loader / sysloader][Stopped/Auto Start]
  <"C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe"><Microsoft>
[一起来音乐助手 / Yiqilai][Stopped/Auto Start]
  <><N/A>
==================================
驱动程序
[abp480n5 / abp480n5][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ABP480N5.SYS><Microsoft Corporation>
[adpu160m / adpu160m][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[Aha154x / Aha154x][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[asc / asc][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3350p / asc3350p][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\asc3350p.sys><Microsoft Corporation>
[asc3550 / asc3550][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[cd20xrnt / cd20xrnt][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\cd20xrnt.sys><Microsoft Corporation>
[CmdIde / CmdIde][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[cnprov / cnprov][Running/Boot Start]
  <\SystemRoot\system32\drivers\cnprov.sys><中国互联网络信息中心(CNNIC)>
[dac2w2k / dac2w2k][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dpti2o / dpti2o][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[Intel(R) PRO Network Connection Driver / E100B][Running/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[eabfiltr / eabfiltr][Running/System Start]
  <system32\DRIVERS\eabfiltr.sys><Hewlett-Packard Development Company, L.P.>
[eabusb / eabusb][Stopped/Manual Start]
  <system32\DRIVERS\eabusb.sys><Hewlett-Packard Development Company, L.P.>
[Symantec Eraser Control driver / eeCtrl][Running/System Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[HBtnKey / HBtnKey][Running/Manual Start]
  <system32\DRIVERS\cpqbttn.sys><Hewlett-Packard Development Company, L.P.>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Running/Manual Start]
  <system32\drivers\CHDAud.sys><Conexant Systems Inc.>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HSFHWAZL / HSFHWAZL][Running/Manual Start]
  <system32\DRIVERS\HSFHWAZL.sys><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
  <system32\DRIVERS\HSF_DPV.sys><Conexant Systems, Inc.>
[HUAWEI Mobile Connect - 3G Modem / hwcdcmdm0][Stopped/Manual Start]
  <system32\DRIVERS\ewusbmdm.sys><QUALCOMM Incorporated>
[HUAWEI Mobile Connect - 3G Application Interface / hwusbser][Stopped/Manual Start]
  <system32\DRIVERS\ewusbser.sys><QUALCOMM Incorporated>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Intel AHCI Controller / iaStor][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\iaStor.sys><Intel Corporation>
[idnaux / idnaux][Running/Auto Start]
  <system32\drivers\idnaux.sys><中国互联网络信息中心(CNNIC)>
[ini910u / ini910u][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ini910u.sys><Microsoft Corporation>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[mraid35x / mraid35x][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[mxdispdr / mxdispdr][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\mxdispdr.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\F:\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\F:\qq\npkycryp.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[ql1080 / ql1080][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql1280.sys><QLogic Corporation>
[rimmptsk / rimmptsk][Running/Manual Start]
  <system32\DRIVERS\rimmptsk.sys><REDC>
[rimsptsk / rimsptsk][Running/Manual Start]
  <system32\DRIVERS\rimsptsk.sys><REDC>
[Ricoh xD-Picture Card Driver / rismxdp][Running/Manual Start]
  <system32\DRIVERS\rixdptsk.sys><REDC>
[rrlezdo75 / rrlezdo75][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\rrlezdo75.sys><N/A>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SIS AGP Bus Filter / sisagp][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[Sparrow / Sparrow][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[symc810 / symc810][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sym_u3.sys><LSI Logic>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[TosIde / TosIde][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\toside.sys><Microsoft Corporation>
[ultra / ultra][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[Intel(R) PRO/Wireless 3945ABG Adapter Driver / w39n51][Running/Manual Start]
  <system32\DRIVERS\w39n51.sys><Intel? Corporation>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[Webeye USB PC Camera / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>
==================================
浏览器加载项
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[IEAux Class]
  {7605CC7C-00FD-4A5F-BAFD-828342DE6279} <C:\PROGRA~1\OCINS\ieaux.dll, 中国互联网络信息中心(CNNIC)>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <F:\xunkei\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar4.dll, Google Inc.>
[MSN Browser]
  {C86488AF-13D5-4FEF-9DDF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\yVqWXzrSfC.dll, Microsoft Corporation>
[启动迅雷]
  {0062C9BD-B349-40DE-91A0-755F37ACD559} <F:\xunkei\Thunder.exe, Thunder Networking Technologies,LTD>
[Java Plug-in 1.6.0_03]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Web反病毒保护]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
[Zcom 杂志]
  {4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Program Files\Zcom\E-Space.exe, 智通无限>
[一起来音乐社区]
  {7DBC6ADB-5788-4FB9-AEC3-B40A58AC11DF} <http://www.yiqilai.com, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[启动WEB迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
回复

举报

hzfjm
 楼主| 发表于 2007-11-2 16:12:47 | 显示全部楼层
[[中文上网]
  {B012491E-8FA4-4851-AA9B-22E33784FBAD} <C:\Program Files\OCINS\config.exe, 中国互联网络信息中心(CNNIC)>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar4.dll, Google Inc.>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[Java Plug-in 1.6.0_03]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[Java Plug-in 1.5.0_09]
  {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_01]
  {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
  {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
  {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll, Sun Microsystems, Inc.>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[Google Script Object]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar4.dll, Google Inc.>
[WebThunder Class]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar4.dll, Google Inc.>
[PowerPlr Control]
  {2354A44B-3CEB-4829-9940-545B03103538} <C:\PROGRA~1\Powerise\REAL2A~1\PowerPlr.ocx, 创智数码科技股份有限公司>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[WebThunder DapPlayer]
  {2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <C:\Program Files\Thunder Network\WebThunder\DownAndPlay\DapPlayer3.0.31.55.dll, ShenZhen Thunder Networking Technologies Ltd.>
[ZComActiveX Class]
  {3A7698F3-1BCC-4838-B3BF-EF4E3C5E209A} <C:\Program Files\Zcom\ZComAgent.dll, 智通无限>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <C:\Program Files\Alisoft\WangWang\WangWangX4.dll, 阿里软件(中国)有限公司>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[IEAux Class]
  {7605CC7C-00FD-4A5F-BAFD-828342DE6279} <C:\PROGRA~1\OCINS\ieaux.dll, 中国互联网络信息中心(CNNIC)>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\WebThunder\InMedia\MediaAddin13.dll, Thunder Networking Technologies,LTD>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <F:\xunkei\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar4.dll, Google Inc.>
[WebVGPlayer Class]
  {AA899B43-24BD-4B6B-BBD0-45557D8D11E0} <, N/A>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Messenger Object]
  {B69003B3-C55E-4B48-836C-BC5946FC3B28} <C:\Program Files\Messenger\msgsc.dll, Microsoft Corporation>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[MSN Browser]
  {C86488AF-13D5-4FEF-9DDF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\yVqWXzrSfC.dll, Microsoft Corporation>
[Adobe Acrobat Control for ActiveX]
  {CA8A9780-280D-11CF-A24D-444553540000} <C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\pdf.ocx, Adobe Systems Incorporated>
[TestActiveX Control]
  {CC39A130-02BC-4BFA-B06A-E46EFA9165F9} <C:\WINDOWS\system32\Down.ocx, VIEWGOOD>
[AUDIO__MID Moniker Class]
  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__MPEG Moniker Class]
  {CD3AFA89-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[BoBo P2P多媒体网络点播/广播/直播系统 V3]
  {EC0978ED-24E3-403C-AB7A-060E388553E6} <C:\WINDOWS\system32\BOBO_A~1.OCX, 广州易播信息科技有限公司>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[MyTvPlayer1 Class]
  {F4B182CA-9795-4087-990D-0BF26659E970} <C:\WINDOWS\MYTVPL~1\MyTvPlay.dll, N/A>
[&使用迅雷下载]
  <F:\xunkei\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <F:\xunkei\Program\GetAllUrl.htm, N/A>
[&访问通用网址]
  <C:\Program Files\OCINS\cnrbtn.html, N/A>
[使用Web迅雷下载]
  <C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <F:\qq\AddEmotion.htm, N/A>
[用比特精灵下载(&B)]
  <, N/A>
==================================


[/CODE]
回复

举报

hzfjm
 楼主| 发表于 2007-11-2 16:13:31 | 显示全部楼层


  3. ==================================
  4. 正在运行的进程
  5. [PID: 896 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  6. [PID: 956 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  7. [PID: 984 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  8.     [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
  9.     [C:\WINDOWS\system32\WgaLogon.dll]  [Microsoft Corporation, 1.7.0018.5]
  10.     [C:\WINDOWS\system32\msplrct.dll]  [N/A, ]
  11.     [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  12. [PID: 1036 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  13.     [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
  14.     [C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\loader.dll]  [N/A, ]
  15. [PID: 1048 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  16. [PID: 1208 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  17. [PID: 1276 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  18. [PID: 1420 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  19. [PID: 1544 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  20. [PID: 1616 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  21. [PID: 1948 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
  22.     [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
  23.     [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
  24. [PID: 580 / SYSTEM][C:\Program Files\Common Files\LightScribe\LSSrvc.exe]  [Hewlett-Packard Company, 1.4.74.1]
  25.     [C:\Program Files\Common Files\LightScribe\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
  26.     [C:\Program Files\Common Files\LightScribe\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
  27. [PID: 772 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  28. [PID: 1484 / appleapple][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
  29.     [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, ]
  30.     [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
  31.     [C:\Program Files\木马专杀大师\Sockethook.dll]  [N/A, ]
  32.     [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
  33.     [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  34.     [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
  35.     [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.4543]
  36.     [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4543]
  37.     [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4543]
  38.     [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4543]
  39.     [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4543]
  40. [PID: 1692 / SYSTEM][C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe]  [Hewlett-Packard Development Company, L.P., 2, 0, 1, 8]
  41. [PID: 2040 / appleapple][C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe]  [Sun Microsystems, Inc., 6.0.30.5]
  42. [PID: 172 / appleapple][C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe]  [Hewlett-Packard Development Company, L.P., 2, 0, 5, 1]
  43.     [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, ]
  44.     [C:\Program Files\木马专杀大师\Sockethook.dll]  [N/A, ]
  45. [PID: 2008 / appleapple][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.4543]
  46.     [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4543]
  47.     [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4543]
  48.     [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4543]
  49.     [C:\Program Files\木马专杀大师\Sockethook.dll]  [N/A, ]
  50. [PID: 248 / appleapple][C:\WINDOWS\system32\igfxpers.exe]  [Intel Corporation, 3.0.0.4543]
  51.     [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4543]
  52.     [C:\Program Files\木马专杀大师\Sockethook.dll]  [N/A, ]
  53. [PID: 276 / appleapple][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe]  [Synaptics, Inc., 8.2.23 31Mar06]
  54.     [C:\WINDOWS\system32\SynCOM.dll]  [Synaptics, Inc., 8.2.23 31Mar06]
  55.     [C:\WINDOWS\system32\SynTPAPI.dll]  [Synaptics, Inc., 8.2.23 31Mar06]
  56.     [C:\Program Files\木马专杀大师\Sockethook.dll]  [N/A, ]
  57. [PID: 304 / appleapple][C:\Program Files\HP\QuickPlay\QPService.exe]  [CyberLink Corp., 4.5.0.0000]
  58.     [C:\Program Files\HP\QuickPlay\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
  59.     [C:\Program Files\HP\QuickPlay\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
  60.     [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
  61.     [C:\Program Files\HP\QuickPlay\helper.dll]  [CyberLink Corp., 3.00.4021 ]
  62.     [C:\Program Files\HP\QuickPlay\Kernel\common\CLDataSync.dll]  [, 1, 0, 0, 1]
  63.     [C:\Program Files\木马专杀大师\Sockethook.dll]  [N/A, ]
  64. [PID: 376 / appleapple][C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe]  [ Hewlett-Packard Development Company, L.P., 6, 0, 5, 1]
  65.     [C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBSERVICE.dll]  [Hewlett-Packard Development Company, L.P., 6, 0, 5, 1]
  66.     [C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\hpqExec.dll]  [Hewlett-Packard Company, 6, 0, 5, 1]
  67.     [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, ]
  68.     [C:\Program Files\木马专杀大师\Sockethook.dll]  [N/A, ]
  69. [PID: 400 / appleapple][C:\WINDOWS\VM_STI.EXE]  [VM., 4.2.610.4]
  70.     [C:\WINDOWS\system32\msdmo.dll]  [, ]
  71.     [C:\Program Files\木马专杀大师\Sockethook.dll]  [N/A, ]
  72. [PID: 548 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  73. [PID: 608 / appleapple][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3018]
  74.     [C:\Program Files\木马专杀大师\Sockethook.dll]  [N/A, ]
  75. [PID: 1092 / appleapple][C:\Program Files\Thunder Network\WebThunder\WebThunder.exe]  [深圳市迅雷网络技术有限公司, 1, 11, 1, 188]
  76.     [C:\Program Files\Thunder Network\WebThunder\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
  77.     [C:\Program Files\Thunder Network\WebThunder\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 2, 4, 38]
  78.     [C:\Program Files\Thunder Network\WebThunder\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 19, 2, 178]
  79.     [C:\Program Files\Thunder Network\WebThunder\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
  80.     [C:\Program Files\Thunder Network\WebThunder\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 19, 2, 178]
  81.     [C:\Program Files\Thunder Network\WebThunder\streammedialib.dll]  [, 1, 2, 0, 78]
  82.     [C:\Program Files\Thunder Network\WebThunder\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 16, 5, 61]
  83.     [C:\Program Files\Thunder Network\WebThunder\CacheServer.dll]  [, 1, 0, 0, 1]
  84.     [C:\Program Files\木马专杀大师\Sockethook.dll]  [N/A, ]
  85.     [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, ]
  86.     [C:\Program Files\Thunder Network\WebThunder\XLSafe\SafeInfo.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 1, 0]
  87.     [C:\Program Files\Thunder Network\WebThunder\XLNet.Dll]  [Thunder Networking Technologies,LTD, 1, 2, 1, 9]
  88.     [C:\Program Files\Thunder Network\WebThunder\DownAndPlay\WebDownAndPlay.dll]  [ShenZhen Thunder Networking Technologies Ltd., 1, 0, 2, 20]
  89.     [C:\Program Files\Thunder Network\WebThunder\XLStatistic\XLStatisticAddin.dll]  [深圳市迅雷网络技术有限公司, 1, 3, 0, 4]
  90. [PID: 648 / appleapple][C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe]  [Hewlett-Packard, 80, 1, 0, 0]
  91.     [C:\Program Files\木马专杀大师\Sockethook.dll]  [N/A, ]
  92. [PID: 676 / appleapple][C:\Program Files\OCINS\idnsvr.exe]  [中国互联网信息中心(CNNIC), 2, 6, 0, 1]
  93.     [C:\Program Files\OCINS\idnsvr.dll]  [中国互联网信息中心(CNNIC), 2, 6, 0, 2]
  94.     [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, ]
  95.     [C:\Program Files\木马专杀大师\Sockethook.dll]  [N/A, ]
  96. [PID: 732][C:\Program Files\木马专杀大师\木马专杀大师.exe]  [木马专杀大师, 2.1.1.0]
  97.     [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, ]
  98.     [C:\Program Files\木马专杀大师\Sockethook.dll]  [N/A, ]
  99. [PID: 740 / appleapple][C:\Program Files\Unlocker\UnlockerAssistant.exe]  [N/A, ]
  100.     [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, ]
  101.     [C:\Program Files\木马专杀大师\Sockethook.dll]  [N/A, ]
  102. [PID: 844 / appleapple][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  103.     [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, ]
  104.     [C:\Program Files\木马专杀大师\Sockethook.dll]  [N/A, ]
  105. [PID: 1312 / appleapple][C:\Program Files\Zcom\E-Space.exe]  [智通无限, 0.0.1]
  106.     [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, ]
  107.     [C:\Program Files\Zcom\PlugIns\zfun_httpd.dll]  [N/A, ]
  108.     [C:\Program Files\木马专杀大师\Sockethook.dll]  [N/A, ]
  109.     [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
  110.     [C:\Program Files\Zcom\PlugIns\zfun_stat.dll]  [N/A, ]
  111. [PID: 3392 / appleapple][C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE]  [, 1, 0, 0, 7]
  112.     [C:\Program Files\木马专杀大师\Sockethook.dll]  [N/A, ]
  113.     [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, ]
  114. [PID: 3400 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  115. [PID: 3256 / appleapple][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
  116.     [C:\Program Files\木马专杀大师\Sockethook.dll]  [N/A, ]
  117.     [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, ]
  118.     [c:\program files\google\googletoolbar4.dll]  [Google Inc., 4, 0, 1601, 4978]
  119.     [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
  120.     [C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 46]
  121.     [C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.1.2003110300]
  122.     [C:\PROGRA~1\OCINS\ieaux.dll]  [中国互联网络信息中心(CNNIC), 2, 6, 0, 9]
  123.     [C:\PROGRA~1\OCINS\idnsvr.dll]  [中国互联网信息中心(CNNIC), 2, 6, 0, 2]
  124.     [C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll]  [Sun Microsystems, Inc., 6.0.30.5]
  125.     [C:\Program Files\Java\jre1.6.0_03\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
  126.     [F:\xunkei\ComDlls\XunLeiBHO_002.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
  127.     [C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\yVqWXzrSfC.dll]  [Microsoft Corporation, 3, 0, 8, 0]
  128.     [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  129.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
  130.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
  131.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
  132.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
  133.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
  134.     [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
  135.     [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
  136.     [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
  137.     [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
  138.     [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.3199 (xpsp_sp2_gdr.070821-1257)]
  139.     [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
  140.     [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
  141.     [C:\WINDOWS\system32\msdmo.dll]  [, ]
  142.     [C:\Program Files\Common Files\muvee Technologies\MainConcept\mcspmpeg.ax]  [MainConcept AG, 1, 0, 0, 58]
  143.     [C:\Program Files\Common Files\muvee Technologies\MainConcept\mpegin.dll]  [MainConcept AG, official release build]
  144. [PID: 1356 / appleapple][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
  145.     [C:\Program Files\木马专杀大师\Sockethook.dll]  [N/A, ]
  146.     [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, ]
  147.     [c:\program files\google\googletoolbar4.dll]  [Google Inc., 4, 0, 1601, 4978]
  148.     [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
  149.     [C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 46]
  150.     [C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.1.2003110300]
  151.     [C:\PROGRA~1\OCINS\ieaux.dll]  [中国互联网络信息中心(CNNIC), 2, 6, 0, 9]
  152.     [C:\PROGRA~1\OCINS\idnsvr.dll]  [中国互联网信息中心(CNNIC), 2, 6, 0, 2]
  153.     [C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll]  [Sun Microsystems, Inc., 6.0.30.5]
  154.     [C:\Program Files\Java\jre1.6.0_03\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
  155.     [F:\xunkei\ComDlls\XunLeiBHO_002.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
  156.     [C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\yVqWXzrSfC.dll]  [Microsoft Corporation, 3, 0, 8, 0]
  157.     [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  158.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
  159.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
  160.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
  161.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
  162.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
  163.     [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
  164.     [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
  165.     [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
  166.     [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
  167.     [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.3199 (xpsp_sp2_gdr.070821-1257)]
  168.     [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
  169.     [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
  170. [PID: 1832 / appleapple][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
  171.     [C:\Program Files\木马专杀大师\Sockethook.dll]  [N/A, ]
  172.     [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, ]
  173.     [C:\WINDOWS\system32\wpdshext.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
  174.     [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
  175.     [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
  176. [PID: 3216 / appleapple][C:\DOCUME~1\APPLEA~1\LOCALS~1\Temp\Rar$EX18.594\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
  177.     [C:\Program Files\木马专杀大师\Sockethook.dll]  [N/A, ]
  178.     [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, ]
  179.     [C:\DOCUME~1\APPLEA~1\LOCALS~1\Temp\Rar$EX18.594\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
  180. ==================================
  181. 文件关联
  182. .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  183. .EXE  OK. ["%1" %*]
  184. .COM  OK. ["%1" %*]
  185. .PIF  OK. ["%1" %*]
  186. .REG  OK. [regedit.exe "%1"]
  187. .BAT  OK. ["%1" %*]
  188. .SCR  OK. ["%1" /S]
  189. .CHM  OK. ["C:\WINDOWS\hh.exe" %1]
  190. .HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
  191. .INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  192. .INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  193. .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  194. .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  195. .LNK  OK. [{00021401-0000-0000-C000-000000000046}]
  196. ==================================
  197. Winsock 提供者
  198. N/A
  199. ==================================
  200. Autorun.inf
  201. N/A
  202. ==================================
  203. HOSTS 文件
  204. 127.0.0.1       localhost
  205. ==================================
  206. 进程特权扫描
  207. 特殊特权被允许: SeLoadDriverPrivilege [PID = 172, C:\PROGRAM FILES\HPQ\HP WIRELESS ASSISTANT\HP WIRELESS ASSISTANT.EXE]
  208. 特殊特权被允许: SeLoadDriverPrivilege [PID = 304, C:\PROGRAM FILES\HP\QUICKPLAY\QPSERVICE.EXE]
  209. 特殊特权被允许: SeLoadDriverPrivilege [PID = 376, C:\PROGRAM FILES\HEWLETT-PACKARD\HP QUICK LAUNCH BUTTONS\QLBCTRL.EXE]
  210. 特殊特权被允许: SeLoadDriverPrivilege [PID = 400, C:\WINDOWS\VM_STI.EXE]
  211. 特殊特权被允许: SeLoadDriverPrivilege [PID = 608, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
  212. 特殊特权被允许: SeDebugPrivilege [PID = 732, C:\PROGRAM FILES\木马专杀大师\木马专杀大师.EXE]
  213. 特殊特权被允许: SeLoadDriverPrivilege [PID = 732, C:\PROGRAM FILES\木马专杀大师\木马专杀大师.EXE]
  214. 特殊特权被允许: SeLoadDriverPrivilege [PID = 1312, C:\PROGRAM FILES\ZCOM\E-SPACE.EXE]
  215. 特殊特权被允许: SeLoadDriverPrivilege [PID = 1832, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
  216. ==================================
  217. API HOOK
  218. RVA  错误: LoadLibraryA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
  219. RVA  错误: LoadLibraryExA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
  220. RVA  错误: LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
  221. RVA  错误: LoadLibraryW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
  222. RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
  223. ==================================
  224. 隐藏进程
  225.     [733] C:\Program Files\木马专杀大师\木马专杀大师.exe
  226. ==================================
复制代码
回复

举报

风雪
发表于 2007-11-2 17:22:02 | 显示全部楼层
http://dl.filseclab.com/down/powerrmv.zip  批量复制文件路径点击空白处右键粘贴,开始。清除,抑制杀灭对象再生成勾打上。
C:\WINDOWS\system32\msplrct.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\loader.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\yVqWXzrSfC.dll
C:\WINDOWS\system32\drivers\rrlezdo75.sys
C:\WINDOWS\system32\drivers\mxdispdr.sys
C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe

运行 SREngPS.EXE在"启动项目->服务->"Win32服务应用程序"选中"隐藏微软服务" 然后将下面名称的服务
"删除服务"->"设置"->"否" (注意: 按"否"是确认删除服务,按"是"为取消操作)

[System Event loader / sysloader][Stopped/Auto Start]
  <"C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe"><Microsoft>
[一起来音乐助手 / Yiqilai][Stopped/Auto Start]
  <><N/A>


运行 SREngPS.EXE在"启动项目->服务->"驱动程序"选中"隐藏微软服务" 然后将下面名称的服务
"删除服务"->"设置"->"否" (注意: 按"否"是确认删除服务,按"是"为取消操作)
[mxdispdr / mxdispdr][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\mxdispdr.sys><N/A>
[rrlezdo75 / rrlezdo75][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\rrlezdo75.sys><N/A>

Windows清理助手、恶意软件清理助手清理恶意软件升级安全模式查一下:
http://www.arswp.com/download/arswp2/arswp2.zip
http://update1.tommsoft.com/rscleaner/roguecleaner.rar
回复

举报

hzfjm
 楼主| 发表于 2007-11-2 18:50:17 | 显示全部楼层
多谢帮助,已经完全解决问题。
回复

举报

风雪
发表于 2007-11-2 18:52:16 | 显示全部楼层
问题解决,修改标题已解决吧。
回复

举报

hzfjm
 楼主| 发表于 2007-11-3 12:05:28 | 显示全部楼层
我不知道怎么修改,告诉我操作啊?
回复

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-3-19 14:28 , Processed in 0.121404 second(s), 17 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表