[C:\Syswm1h\Ghook.dll]
[N/A, ]
[C:\WINDOWS\system32\msdmo.dll]
[, ]
[C:\DOCUME~1\t16633\LOCALS~1\Temp\Rav20.dll]
[N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll]
[N/A, ]
[C:\DOCUME~1\t16633\LOCALS~1\Temp\Qqzo0.dll]
[N/A, ]
[PID: 3444][C:\WINDOWS\system32\wscntfy.exe]
[Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]
[Yahoo! China, 3, 0, 1, 1019]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]
[Yahoo! China, 3, 2, 1, 1027]
[C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]
[N/A, ]
[C:\Syswm1h\Ghook.dll]
[N/A, ]
[PID: 3692][C:\Program Files\FlashGet\flashget.exe]
[FlashGet.com, 1, 8, 2, 1001]
[C:\Program Files\FlashGet\FGBTCORE.dll]
[, 1, 0, 0, 36]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]
[Yahoo! China, 3, 0, 1, 1019]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]
[Yahoo! China, 3, 2, 1, 1027]
[C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]
[N/A, ]
[C:\Syswm1h\Ghook.dll]
[N/A, ]
[C:\Program Files\FlashGet\fgupdate.dll]
[www.flashget.com, 1, 8, 1, 1002]
[C:\DOCUME~1\t16633\LOCALS~1\Temp\Rav20.dll]
[N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll]
[N/A, ]
[C:\DOCUME~1\t16633\LOCALS~1\Temp\Qqzo0.dll]
[N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]
[Kaspersky Lab, 1.0.6.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]
[Kaspersky Lab, 6.0.0.299]
[PID: 2600][C:\WINDOWS\system32\wuauclt.exe]
[Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]
[Yahoo! China, 3, 0, 1, 1019]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]
[Yahoo! China, 3, 2, 1, 1027]
[C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]
[N/A, ]
[C:\Syswm1h\Ghook.dll]
[N/A, ]
[PID: 2436][C:\Program Files\Internet Explorer\IEXPLORE.EXE]
[Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]
[Yahoo! China, 3, 0, 1, 1019]
[C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll]
[Yahoo! China, 3, 0, 3, 1004]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]
[Yahoo! China, 3, 2, 1, 1027]
[C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]
[N/A, ]
[C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll]
[yahoo! china, 3, 5, 9, 1111]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]
[Yahoo! China, 3, 0, 2, 1011]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll]
[yahoo! china, 3, 3, 4, 1104]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ysearch.dll]
[Yahoo! China, 3, 1, 9, 1019]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasnoad.dll]
[yahoo! china, 3, 0, 3, 1005]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yzsNetProto.dll]
[Yahoo! China, 3, 0, 2, 1003]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]
[Yahoo! China, 3, 0, 8, 1010]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll]
[Yahoo! China, 3, 0, 4, 1005]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yaswiper.dll]
[Yahoo! China, 3, 0, 5, 1005]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasiesec.dll]
[Yahoo! China, 3, 0, 5, 1005]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YSETTI~2.DLL]
[yahoo! china, 3, 1, 5, 1026]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ymailp.dll]
[Yahoo! China, 3, 0, 5, 1011]
[C:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll]
[YAHOO Corporation Limited, 3, 0, 3, 1004]
[c:\progra~1\yahoo!\assist~1\jeurtntz.dll]
[N/A, ]
[c:\program files\google\googletoolbar2.dll]
[Google Inc., 4, 0, 1601, 4978]
[C:\Program Files\FlashGet\jccatch.dll]
[www.flashget.com, 1, 8, 1, 1006]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll]
[yahoo! china, 3, 0, 5, 1007]
[C:\Program Files\Tencent\QQ\QQIEHelper.dll]
[深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~2.DLL]
[yahoo! china, 3, 0, 4, 1006]
[C:\Program Files\FlashGet\getflash.dll]
[www.flashget.com, 1, 8, 1, 1002]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yassist.dll]
[Yahoo! China, 3, 1, 6, 1021]
[C:\Syswm1h\Ghook.dll]
[N/A, ]
[C:\DOCUME~1\t16633\LOCALS~1\Temp\Rav20.dll]
[N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll]
[N/A, ]
[C:\DOCUME~1\t16633\LOCALS~1\Temp\Qqzo0.dll]
[N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]
[Kaspersky Lab, 1.0.6.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]
[Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]
[Kaspersky Lab, 6.0.0.299]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]
[Adobe Systems, Inc., 9,0,28,0]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yeheocx.dll]
[Yahoo! China, 9, 0, 4, 1015]
[PID: 1932][C:\DOCUME~1\t16633\LOCALS~1\Temp\Rar$EX30.662\SREng.EXE]
[Smallfrogs Studio, 2.4.12.806]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]
[Yahoo! China, 3, 0, 1, 1019]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]
[Yahoo! China, 3, 2, 1, 1027]
[C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]
[N/A, ]
[C:\Syswm1h\Ghook.dll]
[N/A, ]
[C:\DOCUME~1\t16633\LOCALS~1\Temp\Rav20.dll]
[N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll]
[N/A, ]
[C:\DOCUME~1\t16633\LOCALS~1\Temp\Qqzo0.dll]
[N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]
[Kaspersky Lab, 1.0.6.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]
[Kaspersky Lab, 6.0.0.299]
==================================
文件关联
.TXT
OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE
OK. ["%1" %*]
.COM
OK. ["%1" %*]
.PIF
OK. ["%1" %*]
.REG
OK. [regedit.exe "%1"]
.BAT
OK. ["%1" %*]
.SCR
OK. ["%1" /S]
.CHM
OK. ["C:\WINDOWS\hh.exe" %1]
.HLP
OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI
OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF
OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS
OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS
OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK
OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
RVA 错误: LoadLibraryA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF1F07B25)
RVA 错误: LoadLibraryExA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF1F07D67)
RVA 错误: LoadLibraryExW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF1F07F0B)
RVA 错误: LoadLibraryW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF1F07C49)
RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: Dest Addr: 0xF1F07E8F)
==================================
隐藏进程
N/A
==================================
[/CODE]