
Looks like I got infected


This morning, as soon as I booted, the system said some program was not running properly and had to be closed,
and it came up a dozen or more times in a row. The program names were all numbers: 1, 2, 3, 4, 5, 7, 9 ... it did not stop until 23 (I killed the processes directly).
The extensions were all .exe.
Then 360 warned that trojans and unknown items were being added to the system; I blocked all of them.
The situation now is that 360 will not open, but Norton still works. Scanning now.
One more thing: the C: drive has lost more than 1 GB.
I have been infected, right? Looking for advice on how to fix it.


Looks like you have no antivirus? 360 doesn't seem able to kill viruses, it can only find them. I'd say go download an antivirus, because today's viruses are not just a single worm or trojan, they are all mixed together. So those files of yours are virus files the trojan downloaded; the main virus is probably still lodged somewhere. You must find it...


Quote:
Originally posted by 梦花园 on 2008-2-1 09:11
Looks like you have no antivirus? 360 doesn't seem able to kill viruses, it can only find them. I'd say go download an antivirus, because today's viruses are not just a single worm or trojan, they are all mixed together. So those files of yours are virus files the trojan downloaded; the main virus is probably still lodged somewhere. You must find ...
I said, Norton works.
Scanned once; only 2 found. And they don't look like the so-called main virus.


Latest Norton virus definitions?


Just now my 360 also reported a 2.EXE process under SYSTEM; I killed it directly.

Now 360 won't open...
Virus name                    | Result                   | Method        | Path                | File                   | Source
Trojan.DL.Win32.Mnless.wp     | Delete file after reboot | Shortcut scan | C:\WINDOWS\system32 | HDDGuard.dll           | Local machine
Trojan.PSW.Win32.ZhengTu.ymx  | Delete file after reboot | Shortcut scan | C:\WINDOWS\system32 | utgnehz.dll>>upack0.34 | Local machine

[ Last edited by 哈曼大人 on 2008-2-1 16:58 ]


I've had it too; in the end I repaired 360 and then got rid of it with the 机器狗 (Robot Dog) trojan removal tool.


The better way to find the so-called main virus is SREng's smart scan; if you can't read the log, post it here.

1.exe and the like are usually downloaded by a downloader trojan, or a worm with download capability, already on the machine; if you don't deal with the source, it will keep bothering you.


How do I fix it now? Norton doesn't find anything serious.
This morning the same thing as yesterday happened again; I guess they are all trojans. 360 won't open now, so how do I scan?


Quote:
Originally posted by Bats on 2008-2-2 07:28
How do I fix it now? Norton doesn't find anything serious.
This morning the same thing as yesterday happened again; I guess they are all trojans. 360 won't open now, so how do I scan?
To find the source, use SREng's smart scan; if you can't read the log, post it.
If 360 won't open, rename 360safe.exe to something like 12.com and try running that.


Quote:
Originally posted by ZHIHUA on 2008-2-2 10:51

To find the source, use SREng's smart scan; if you can't read the log, post it.
If 360 won't open, rename 360safe.exe to something like 12.com and try running that.
Opened 360 with that method. It found 3 or 4 trojans and some malicious plugins; all removed now.
About that scan log, is this it?
Code:
2008-02-02,11:24:24
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - Administrator user - Full functionality
The following items were selected:
    All startup items (registry, startup folder, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file
    Process privilege scan

Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows Publisher]
    <Camfrog><"D:\cfc_49590\Camfrog Video Chat\CamfrogNet.exe" 0 D:\cfc_49590\Camfrog Video Chat\Camfrog Video Chat.exe>  [N/A]
    <eMuleAutoStart><E:\电驴\eMule\eMule.exe -AutoStart>  [(Verified)"Shanghai Source Networking Technology Co., Ltd"]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Publisher]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)"RealNetworks, Inc."]
    <vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe>  [Symantec Corporation]
    <msmsgs><C:\Program Files\Internet Explorer\explorer.exe>  [N/A]
    <360Safetray><C:\Program Files\360safe\safemon\360Tray.exe /start>  [奇虎网]
    <VMSnap3><C:\WINDOWS\VMSnap3.EXE>  [ZSMCSNAP]
    <Domino><C:\WINDOWS\Domino.EXE>  [Vimicro]
    <BigDog303><C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  []
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
==================================
Startup folder
[QQ游戏启动加速程序]
  <C:\Documents and Settings\user\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> E:\QQ\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
==================================
Services
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[DefWatch / DefWatch][Running/Auto Start]
  <C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[KailleraServer / KailleraServer][Stopped/Manual Start]
  <C:\WINDOWS\system32\kaillera\srvany.exe><N/A>
[kailleraServerJK / kailleraServerJK][Stopped/Manual Start]
  <C:\WINDOWS\system32\kaillera\srvany.exe><N/A>
[Symantec AntiVirus Client / Norton AntiVirus Server][Running/Auto Start]
  <C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation>
[Windows pmvs RunThem / pmvs][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\khqn\urax.dll><N/A>
==================================
Drivers
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ATI2HDDSRV / ATI2HDDSRV][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\ati32srv.sys><N/A>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[deellglx / deellglx][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\deellglx.sys><Yahoo! China Corporation>
[DeepFree Update / DeepFree Update][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\pcihdd2.sys><N/A>
[Intel(R) PRO Adapter Driver / E100B][Stopped/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[NAVAP / NAVAP][Running/Manual Start]
  <\??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys><Symantec Corporation>
[NAVAPEL / NAVAPEL][Running/Auto Start]
  <\??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS><Symantec Corporation>
[NAVENG / NAVENG][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080201.007\NAVENG.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080201.007\NAVEX15.sys><Symantec Corporation>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\E:\腾讯QQ场景编辑器\qq\npkcrypt.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
  <\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Running/Auto Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SymEvent / SymEvent][Running/Manual Start]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[vmfilter303 / vmfilter303][Running/Manual Start]
  <system32\drivers\vmfilter303.sys><Vimicro Corporation>
[wjrxiip / wjrxiipn][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\wjrxiipn.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[VIMICRO USB PC Camera / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><N/A>
[LEZER 303 PC Camera (Vimicro301 Neptune) / ZSMC303][Running/Manual Start]
  <System32\Drivers\usbVM303.sys><Vimicro Corporation>
[24296 / 24296][Running/]
  <2 - The system cannot find the file specified.
><N/A>
[msskye / msskye][Stopped/Auto Start]
  <system32\DRIVERS\msaclue.sys><N/A>
==================================
Browser add-ons
[FG2CatchUrl]
  {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} <E:\QQ\FlashGet\ComDlls\bhoCATCH.dll, FlashGet>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[ActiveMovieControl Object]
  {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[FG2CatchUrl]
  {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} <E:\QQ\FlashGet\ComDlls\bhoCATCH.dll, FlashGet>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360safe.com>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[WebVGPlayer Class]
  {AA899B43-24BD-4B6B-BBD0-45557D8D11E0} <C:\PROGRA~1\kt88\MyPlayer.dll, >
[Qzone Media Tools]
  {AC3A36A8-9BFF-410A-A33D-2279FFEB69D2} <E:\QQ\VQQPLA~1.OCX, Tencent Technology (Shenzhen) Company Limited>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[AUDIO__MID Moniker Class]
  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[TencentVmpCtl Class]
  {D9819BD5-422B-4281-8523-726466ED692B} <C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, Viewpoint Corporation>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[IEDown Class]
  {F917534D-535B-416B-8E8F-0C04756C31A8} <C:\WINDOWS\system32\GLIEDown2.dll, 联众公司>
[FG2CatchUrl]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B525} <E:\QQ\FlashGet\ComDlls\bhoCATCH.dll, FlashGet>
[&使用快车(FlashGet)下载]
  <E:\QQ\FlashGet\ComDlls\Bholink.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
  <E:\QQ\FlashGet\ComDlls\Bhoall.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
==================================
Running processes
[PID: 428 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 492 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 516 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4107]
    [C:\WINDOWS\system32\NavLogon.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 560 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 572 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 720 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4107]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2495]
[PID: 732 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 788 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 904 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1032 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1240 / user][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4107]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2495]
[PID: 1276 / user][C:\WINDOWS\system32\userinit.exe]  [N/A, ]
    [C:\WINDOWS\system32\HDDGuard.dll]  [N/A, ]
[PID: 1300 / user][C:\windows\explorer.exe]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [D:\Unlocker1.8.5\UnlockerCOM.dll]  [N/A, ]
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  [Symantec Corporation, 8.1.0.821]
[PID: 1376 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
[PID: 1588 / SYSTEM][C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe]  [Symantec Corporation, 8.1.0.821]
[PID: 1672 / SYSTEM][C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe]  [Symantec Corporation, 8.1.0.821]
    [C:\WINDOWS\system32\CBA.DLL]  [Intel® Corporation, 6.12.0.105 E]
    [C:\WINDOWS\system32\MsgSys.dll]  [Intel® Corporation, 6.12.0.105 E]
    [C:\WINDOWS\system32\NTS.dll]  [Intel® Corporation, 6.12.0.105 E]
    [C:\WINDOWS\system32\PDS.DLL]  [Intel® Corporation, 6.12.0.105 E]
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVLU.dll]  [Symantec Corporation, 8.1.0.821]
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL]  [Symantec/Peter Norton Group, 1, 0, 0, 1]
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\i2ldvp3.dll]  [Symantec Corporation, 8.1.0.821]
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPI32.DLL]  [Symantec Corp., 4.2.0.7]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080201.007\NAVEX32a.DLL]  [Symantec Corporation, 20071.4.1.10]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080201.007\NAVENG32.DLL]  [Symantec Corporation, 20071.4.1.10]
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP32.DLL]  [Symantec Corporation, 9.1.0.26]
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vpmsece.dll]  [Symantec Corporation, 8.1.0.821]
[PID: 1760 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 356 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 976 / user][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.5125]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.5125]
    [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS]  [ATI Technologies, Inc., 6.14.10.5125]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll]  [ATI Technologies, Inc., 6.14.10.5125]
[PID: 1056 / user][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.02]
[PID: 612 / user][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe]  [Symantec Corporation, 8.1.0.821]
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll]  [Symantec Corporation, 8.1.0.821]
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL]  [Symantec/Peter Norton Group, 1, 0, 0, 1]
[PID: 1480 / user][C:\WINDOWS\VMSnap3.EXE]  [ZSMCSNAP, 3, 6, 818, 7]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\VM303Prp.Ax]  [Vimicro, 3, 6, 411, 13]
    [C:\WINDOWS\system32\HDDGuard.dll]  [N/A, ]
[PID: 1488 / user][C:\WINDOWS\Domino.EXE]  [Vimicro, 4, 2, 1124, 6]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
[PID: 1496 / user][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\HDDGuard.dll]  [N/A, ]
[PID: 680 / user][C:\Program Files\Messenger\msmsgs.exe]  [Microsoft Corporation, 4.7.3001]
    [C:\WINDOWS\system32\HDDGuard.dll]  [N/A, ]
[PID: 1424 / user][E:\电驴\eMule\eMule.exe]  [http://www.emule-project.net, 0.48.0.80126 Unicode]
    [E:\电驴\eMule\config\antiLeech.dll]  [http://xtreme-mod.net, 31]
    [E:\电驴\eMule\lang\zh_CN.dll]  [http://www.emule-project.net, 0.48.0.80126]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx]  [Adobe Systems, Inc., 9,0,115,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\HDDGuard.dll]  [N/A, ]
[PID: 1772 / user][D:\cfc_49590\Camfrog Video Chat\Camfrog Video Chat.exe]  [Camshare LLC, 4, 0, 0, 47]
    [D:\cfc_49590\Camfrog Video Chat\usability.dll]  [N/A, ]
    [D:\cfc_49590\Camfrog Video Chat\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\cfc_49590\Camfrog Video Chat\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\cfc_49590\Camfrog Video Chat\cfresource.dll]  [N/A, ]
    [D:\cfc_49590\Camfrog Video Chat\controls.dll]  [N/A, ]
    [D:\cfc_49590\Camfrog Video Chat\AnimationEmote.dll]  [N/A, ]
    [D:\cfc_49590\Camfrog Video Chat\ctrlelem_pack.dll]  [N/A, ]
    [D:\cfc_49590\Camfrog Video Chat\mdlg.dll]  [N/A, ]
    [D:\cfc_49590\Camfrog Video Chat\modules\addnotifylg.dll]  [, 1, 0, 0, 1]
    [D:\cfc_49590\Camfrog Video Chat\modules\cfhistlg.dll]  [Camshare LLC, 3.82.0.33]
    [D:\cfc_49590\Camfrog Video Chat\modules\chrl_ul_dlg.dll]  [N/A, ]
    [D:\cfc_49590\Camfrog Video Chat\modules\imdlg.dll]  [N/A, ]
    [D:\cfc_49590\Camfrog Video Chat\modules\medlg.dll]  [N/A, ]
    [D:\cfc_49590\Camfrog Video Chat\FileExch.dll]  [N/A, ]
    [D:\cfc_49590\Camfrog Video Chat\media.dll]  [Camshare LC, 3, 90, 0, 33]
    [D:\cfc_49590\Camfrog Video Chat\audiocodec.dll]  [Camshare LC, 3, 90, 0, 33]
    [D:\cfc_49590\Camfrog Video Chat\audiosource.dll]  [Camshare LC, 3, 90, 0, 33]
    [D:\cfc_49590\Camfrog Video Chat\videocodec.dll]  [Camshare LC, 3, 90, 0, 33]
    [D:\cfc_49590\Camfrog Video Chat\avcodec.dll]  [N/A, ]
    [D:\cfc_49590\Camfrog Video Chat\videosource.dll]  [Camshare LC, 3, 90, 0, 33]
    [D:\cfc_49590\Camfrog Video Chat\nwlayer.dll]  [N/A, ]
    [D:\cfc_49590\Camfrog Video Chat\modules\room_dlg.dll]  [N/A, ]
    [D:\cfc_49590\Camfrog Video Chat\modules\setlg.dll]  [, 1, 0, 0, 1]
    [D:\cfc_49590\Camfrog Video Chat\modules\smplelg.dll]  [N/A, ]
    [D:\cfc_49590\Camfrog Video Chat\modules\vwdlg.dll]  [N/A, ]
    [D:\cfc_49590\Camfrog Video Chat\modules\wizdlg.dll]  [, 1, 0, 0, 1]
    [D:\cfc_49590\Camfrog Video Chat\net\cmfrgnet.dll]  [N/A, ]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\HDDGuard.dll]  [N/A, ]
[PID: 2468 / user][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\HDDGuard.dll]  [N/A, ]
[PID: 2596 / user][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 2808 / user][C:\PROGRA~1\360SAFE\safemon\360Tray.exe]  [奇虎网, 3, 6, 1, 1001]
    [C:\PROGRA~1\360SAFE\safemon\SafeKrnl.dll]  [奇虎网, 3, 6, 0, 1001]
    [C:\PROGRA~1\360SAFE\AntiAdwa.dll]  [360Safe.com, 3, 6, 1, 1001]
    [C:\PROGRA~1\360SAFE\live.dll]  [360safe.com, 1, 0, 1, 1020]
    [C:\WINDOWS\system32\HDDGuard.dll]  [N/A, ]
    [C:\WINDOWS\cccfaxxx.dll]  [N/A, ]
    [C:\WINDOWS\ymgqvvir.dll]  [N/A, ]
[PID: 3244 / user][E:\QQ\FlashGet\FlashGet.exe]  [FLASHGET, 2, 4, 1, 1142]
    [E:\QQ\FlashGet\storage.dll]  [FLASHGET, 2, 0, 0, 1003]
    [E:\QQ\FlashGet\dbghelp.dll]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [E:\QQ\FlashGet\CrashRpt.dll]  [FlashGet, 1.0.0.1002]
    [E:\QQ\FlashGet\LiveUpdateUI.dll]  [FLASHGET, 1, 1, 0, 1002]
    [E:\QQ\FlashGet\modules\ComHelper\ComHelper.dll]  [FLASHGET, 1, 0, 0, 1002]
    [E:\QQ\FlashGet\modules\Downstat\Downstat.dll]  [FLASHGET, 1, 0, 0, 1008]
    [E:\QQ\FlashGet\modules\P4pclient\P4pclient.dll]  [ , 1, 0, 0, 1005]
    [E:\QQ\FlashGet\modules\SearchTop\SearchTop.dll]  [FLASHGET, 1, 0, 0, 1002]
    [E:\QQ\FlashGet\modules\Security\Security.dll]  [ FlashGet, 1, 0, 0, 1005]
    [E:\QQ\FlashGet\modules\SnapShot\SnapShot.dll]  [ FlashGet, 1, 0, 0, 1023]
    [E:\QQ\FlashGet\modules\SoBar\SoBar.dll]  [FLASHGET, 1, 0, 0, 1003]
    [E:\QQ\FlashGet\modules\TaskNotifier\tasknotifier.dll]  [FLASHGET, 1, 0, 0, 1002]
    [E:\QQ\FlashGet\modules\garage\garage.dll]  [FLASHGET, 1, 0, 0, 1002]
    [E:\QQ\FlashGet\btcore.dll]  [FLASHGET, 2.0.0.40]
    [E:\QQ\FlashGet\p2spmgr.dll]  [FLASHGET, 1, 7, 11, 23]
    [E:\QQ\FlashGet\p2snetio.dll]  [FLASHGET, 1, 0, 0, 7925]
    [E:\QQ\FlashGet\p2sprot.dll]  [FLASHGET, 1, 7, 11, 16]
    [E:\QQ\FlashGet\p2pprot.dll]  [FLASHGET, 1, 7, 11, 16]
    [E:\QQ\FlashGet\p2pcore.dll]  [FlashGet, 1.0.6.1071]
    [E:\QQ\FlashGet\btwrap.dll]  [FLASHGET, 1, 0, 1, 1007]
    [E:\QQ\FlashGet\p2spwrap.dll]  [FLASHGET, 1, 0, 1, 1008]
    [E:\QQ\FlashGet\hashgen.dll]  [FLASHGET, 1, 0, 0, 1]
    [E:\QQ\FlashGet\testwrap.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx]  [Adobe Systems, Inc., 9,0,115,0]
    [C:\WINDOWS\system32\HDDGuard.dll]  [N/A, ]
    [C:\WINDOWS\cccfaxxx.dll]  [N/A, ]
    [C:\WINDOWS\ymgqvvir.dll]  [N/A, ]
[PID: 4064 / user][D:\mx_1.6.2.60cn\Maxthon_1.6.2.60cn\Maxthon\Maxthon.exe]  [Maxthon International Ltd., 1, 6, 2, 60]
    [D:\mx_1.6.2.60cn\Maxthon_1.6.2.60cn\Maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\PASOFTS\ESales\bin\dbctrs8.dll]  [iAnywhere Solutions, Inc., 8.0.2.4272]
    [C:\PROGRA~1\COMMON~1\SYSTEM\MSMAPI\2052\MSMAPI32.DLL]  [Microsoft Corporation, 11.0.5601]
    [C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll]  [Microsoft Corporation, 11.0.5606]
    [D:\mx_1.6.2.60cn\Maxthon_1.6.2.60cn\Maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx]  [Adobe Systems, Inc., 9,0,115,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\HDDGuard.dll]  [N/A, ]
    [C:\WINDOWS\cccfaxxx.dll]  [N/A, ]
    [C:\WINDOWS\ymgqvvir.dll]  [N/A, ]
[PID: 1740 / user][D:\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
[PID: 344 / user][D:\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [D:\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\HDDGuard.dll]  [N/A, ]
    [C:\WINDOWS\cccfaxxx.dll]  [N/A, ]
    [C:\WINDOWS\ymgqvvir.dll]  [N/A, ]
    [C:\WINDOWS\system32\rxdipuywow.dll]  [Microsoft Corporation, 5.1.2600.3099]
[PID: 1296 / user][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\QQ\FlashGet\ComDlls\bhoCATCH.dll]  [FlashGet, 2, 0, 2, 1011]
    [C:\WINDOWS\system32\msxmlfilta.dll]  [Microsoft Corporation, 1.0.0.1]
    [C:\WINDOWS\system32\HDDGuard.dll]  [N/A, ]
    [C:\WINDOWS\cccfaxxx.dll]  [N/A, ]
    [C:\WINDOWS\ymgqvvir.dll]  [N/A, ]
    [C:\WINDOWS\system32\rxdipuywow.dll]  [Microsoft Corporation, 5.1.2600.3099]
==================================
File associations
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock providers
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS file
127.0.0.1       localhost
127.0.0.1  yu.8s7.net
127.0.0.1  1.jopanqc.com
127.0.0.1  2.joppnqq.com
127.0.0.1  wg.47255.com
127.0.0.1  1.joppnqq.com
127.0.0.1  xxx.m111.biz
127.0.0.1  1.jopenqc.com
127.0.0.1  1.jopenkk.com
127.0.0.1  xxx.vh7.biz
127.0.0.1  xxx.j41m.com
127.0.0.1  3.joppnqq.com
127.0.0.1  d.93se.com
127.0.0.1  www.868wg.com
127.0.0.1  xxx.mmma.biz
127.0.0.1  ilove.com
127.0.0.1  tp.shpzhan.cn
127.0.0.1  www.tomwg.com
127.0.0.1  www.177dvd.cn
127.0.0.1  www.cike007.cn
127.0.0.1  www.22aaa.com
127.0.0.1  xx.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  new.749571.com
127.0.0.1  xtx.kv8.info
127.0.0.1  cao.kv8.info
127.0.0.1  1.jopmmqq.com
127.0.0.1  171817.171817.com
127.0.0.1  d2.llsging.com
127.0.0.1  down.malasc.cn
127.0.0.1  llboss.com
127.0.0.1  nx.51ylb.cn
127.0.0.1  my.531jx.cn
127.0.0.1  qqq.dzydhx.com
127.0.0.1  qqq.hao1658.com
127.0.0.1  www.333292.com
127.0.0.1  down.18dd.net
127.0.0.1  up.22x44.com
==================================
Process privilege scan
Special privilege granted: SeLoadDriverPrivilege [PID = 976, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE]
Special privilege granted: SeLoadDriverPrivilege [PID = 612, C:\PROGRA~1\SYMANT~1\SYMANT~1\VPTRAY.EXE]
Special privilege granted: SeLoadDriverPrivilege [PID = 1480, C:\WINDOWS\VMSNAP3.EXE]
Special privilege granted: SeLoadDriverPrivilege [PID = 1488, C:\WINDOWS\DOMINO.EXE]
Special privilege granted: SeLoadDriverPrivilege [PID = 1772, D:\CFC_49590\CAMFROG VIDEO CHAT\CAMFROG VIDEO CHAT.EXE]
Special privilege granted: SeDebugPrivilege [PID = 2808, C:\PROGRA~1\360SAFE\SAFEMON\360TRAY.EXE]
Special privilege granted: SeLoadDriverPrivilege [PID = 2808, C:\PROGRA~1\360SAFE\SAFEMON\360TRAY.EXE]
Special privilege granted: SeLoadDriverPrivilege [PID = 4064, D:\MX_1.6.2.60CN\MAXTHON_1.6.2.60CN\MAXTHON\MAXTHON.EXE]
==================================
API HOOK
N/A
==================================
Hidden processes
N/A
==================================
[ Last edited by Bats on 2008-2-2 11:31 ]


After using 360 once, it suddenly closed by itself again.
After that it wouldn't open any more, and the 12.com trick doesn't work now either...


Found the main problem: it's an early version of 机器狗 (Robot Dog), plus a few trojans.

Copy a clean userinit.exe into the system32 directory, overwriting the one with the same name; if you don't have one, use the one I've attached.
If it can't be overwritten, create a new Notepad file with the following content:
@echo off
:: kill the running (trojanized) userinit.exe, then delete it by its full path so the
:: batch file works from any folder; /a removes the hidden/system/read-only attribute filter
taskkill /f /im userinit.exe
del /f /q /a "%SystemRoot%\system32\userinit.exe"
    Save this file as kill.bat and double-click to run it. Then put the clean userinit.exe into the system32 directory.


In SREng

Delete from startup items:
<msmsgs><C:\Program Files\Internet Explorer\explorer.exe>  [N/A]
Delete from services:
[Windows pmvs RunThem / pmvs][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\khqn\urax.dll><N/A>
Delete from drivers:
[ATI2HDDSRV / ATI2HDDSRV][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\ati32srv.sys><N/A>
[DeepFree Update / DeepFree Update][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\pcihdd2.sys><N/A>
[wjrxiip / wjrxiipn][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\wjrxiipn.sys><N/A>
[24296 / 24296][Running/]
  <2 - The system cannot find the file specified.
><N/A>
[msskye / msskye][Stopped/Auto Start]
  <system32\DRIVERS\msaclue.sys><N/A>


After a reboot, or using the Unlocker you already have, delete the files mentioned above (except userinit.exe) and these below:

[C:\WINDOWS\system32\HDDGuard.dll]  [N/A, ]
    [C:\WINDOWS\cccfaxxx.dll]  [N/A, ]
    [C:\WINDOWS\ymgqvvir.dll]  [N/A, ]
  [C:\WINDOWS\system32\rxdipuywow.dll]

[ Last edited by ZHIHUA on 2008-2-2 18:10 ]
Attachment: your user group cannot download or view attachments
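The posted log and the removal steps in this reply are two halves of one job: read the SREng sections for the indicators the helper used (a Run value carrying a system binary's name but launching it from the wrong folder, a svchost-hosted service whose DLL lives outside System32, drivers with no version information or no image file on disk, an unknown DLL under %SystemRoot% that turns up in unrelated processes), then unhook the loaders before deleting the files. The script below is an added example written for this page, not code from the thread, from SREng or from any tool named here. Every name in it (SAMPLE_LOG, norm, parse, triage, plan) is mine; SAMPLE_LOG is a constructed, trimmed excerpt of the posted log using the section headers as translated above, and the indicators are heuristics rather than signatures, so a driver flagged only for missing version information is marked "review" instead of "high".

```python
"""Triage an SREng log the way the helper in this thread read it: parse the sections, apply
the indicators that exposed the infection, and emit a removal plan for the XP host.  Added
example, not code from the thread or from SREng.  SAMPLE_LOG is a constructed, trimmed
excerpt of the posted log (names and paths are the thread's; the selection is not)."""
import re
SAMPLE_LOG = r"""
Startup items
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe>  [Symantec Corporation]
    <msmsgs><C:\Program Files\Internet Explorer\explorer.exe>  [N/A]
==================================
Services
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Windows pmvs RunThem / pmvs][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\khqn\urax.dll><N/A>
==================================
Drivers
[DeepFree Update / DeepFree Update][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\pcihdd2.sys><N/A>
[wjrxiip / wjrxiipn][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\wjrxiipn.sys><N/A>
[24296 / 24296][Running/]
  <2 - The system cannot find the file specified.
><N/A>
==================================
Running processes
[PID: 1276 / user][C:\WINDOWS\system32\userinit.exe]  [N/A, ]
    [C:\WINDOWS\system32\HDDGuard.dll]  [N/A, ]
[PID: 3244 / user][E:\QQ\FlashGet\FlashGet.exe]  [FLASHGET, 2, 4, 1, 1142]
    [C:\WINDOWS\system32\HDDGuard.dll]  [N/A, ]
    [C:\WINDOWS\cccfaxxx.dll]  [N/A, ]
[PID: 4064 / user][D:\mx_1.6.2.60cn\Maxthon_1.6.2.60cn\Maxthon\Maxthon.exe]  [Maxthon International Ltd., 1, 6, 2, 60]
    [C:\WINDOWS\system32\HDDGuard.dll]  [N/A, ]
    [C:\WINDOWS\cccfaxxx.dll]  [N/A, ]
"""
SECTION = re.compile(r"^(Startup items|Services|Drivers|Running processes)$")
KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN = re.compile(r"^\s+<([^>]*)><(.*?)>\s+\[(.*)\]$")
HDR = re.compile(r"^\[.*? / (.*?)\]\[.*?/(.*?)\]$")
BODY = re.compile(r"^\s+<(.*?)><(.*)>$")
PROC = re.compile(r"^\[PID: \d+ / .*?\]\[(.*?)\]")
MOD = re.compile(r"^\s+\[(.*?)\]\s+\[(.*)\]$")

def norm(p):  # expand the spellings SREng prints: \??\ and \SystemRoot\ prefixes, %SystemRoot%, relative paths
    p = re.sub(r"^\\\?\?\\", "", p.strip().replace("%SystemRoot%", r"C:\WINDOWS"))
    p = re.sub(r"^\\SystemRoot", r"C:\\WINDOWS", p, flags=re.I)
    return p if re.match(r"^[a-z]:\\", p, re.I) else "C:\\WINDOWS\\" + p

def parse(text):
    log, sec, key, hdr, proc = {"run": [], "services": [], "drivers": [], "modules": {}}, None, None, None, None
    for line in re.sub(r"\n(?=><)", "", text).splitlines():  # SREng prints a missing-image error over two lines
        if m := SECTION.match(line):
            sec = m.group(1)
        elif sec == "Startup items" and (m := KEY.match(line)):
            key = m.group(1)
        elif sec == "Startup items" and (m := RUN.match(line)):
            log["run"].append(dict(zip(("name", "cmd", "vendor"), m.groups()), key=key))
        elif sec in ("Services", "Drivers") and (m := HDR.match(line)):
            hdr = m.groups()
        elif sec in ("Services", "Drivers") and hdr and (m := BODY.match(line)):
            log[sec.lower()].append(dict(name=hdr[0], start=hdr[1], image=m.group(1), vendor=m.group(2)))
        elif sec == "Running processes" and (m := PROC.match(line)):
            proc = m.group(1)
        elif sec == "Running processes" and proc and (m := MOD.match(line)):
            mod = log["modules"].setdefault(m.group(1).lower(), dict(path=m.group(1), vendor=m.group(2), procs=set()))
            mod["procs"].add(proc)
    return log

def triage(log):
    out = []
    for e in log["run"]:                            # a system binary's name, started from the wrong folder
        exe = norm(re.sub(r'^"?(.+?\.exe).*$', r"\1", e["cmd"], flags=re.I))
        folder, _, base = exe.lower().rpartition("\\")
        if base in {"explorer.exe", "userinit.exe", "svchost.exe"} and folder not in {r"c:\windows", r"c:\windows\system32"}:
            out.append(dict(kind="run", name=e["name"], key=e["key"], sev="high", files=[exe]))
    for s in log["services"]:                       # svchost-hosted service whose DLL does not live in System32
        m = re.search(r"svchost\.exe -k \S+-->(.+)$", s["image"], re.I)
        if m and not norm(m.group(1)).lower().startswith("c:\\windows\\system32\\"):
            out.append(dict(kind="service", name=s["name"], sev="high", files=[norm(m.group(1))]))
    for d in log["drivers"]:                        # no version information at all, or the image is already gone
        if d["vendor"] == "N/A":
            gone = "cannot find" in d["image"]
            out.append(dict(kind="driver", name=d["name"], files=[] if gone else [norm(d["image"])],
                            sev="high" if gone or d["start"] == "Boot Start" else "review"))
    for v in log["modules"].values():               # unknown DLL under %SystemRoot% injected into unrelated processes
        if v["vendor"].startswith("N/A") and len(v["procs"]) >= 2 and v["path"].lower().startswith("c:\\windows\\"):
            out.append(dict(kind="module", name=v["path"].rpartition("\\")[2], sev="high", files=[v["path"]]))
    return out

def plan(findings):
    """XP commands, loaders first.  del fails on a file that is still in use: reboot first, or use Unlocker, as advised."""
    cmds = []
    for f in findings:
        if f["kind"] == "run":
            cmds.append(f'reg delete "{f["key"]}" /v "{f["name"]}" /f')
        elif f["kind"] in ("service", "driver"):
            cmds += [f'sc stop "{f["name"]}"', f'sc delete "{f["name"]}"']
        cmds += [f'del /f /q /a "{p}"' for p in f["files"]]
    return cmds
```

Calling plan(triage(parse(SAMPLE_LOG))) yields the reg, sc and del commands for the XP host; the del lines fail on a DLL that is still loaded, which is why the reply says to reboot first or use Unlocker. The heuristics also show their limit: rxdipuywow.dll in the posted log carries a "Microsoft Corporation" version string and would pass the module check, yet the helper put it on the delete list. Version information is self-reported and is no evidence of origin.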


Thanks for the method above. But there are two problems now~
Quote:
Copy a clean userinit.exe into the system32 directory, overwriting the one with the same name; if you don't have one, use the one I've attached.
If it can't be overwritten, create a new Notepad file with the following content:
@echo off
:: kill the running (trojanized) userinit.exe, then delete it by its full path so the
:: batch file works from any folder; /a removes the hidden/system/read-only attribute filter
taskkill /f /im userinit.exe
del /f /q /a "%SystemRoot%\system32\userinit.exe"
    Save this file as kill.bat and double-click to run it. Then put the clean userinit.exe into the system32 directory.
It indeed could not be overwritten directly, so I used your method. But after overwriting, the modified date is still August 8, whereas the file you gave me has a modified date of August 17. Does that mean there is still a problem?


Also, what does that last paragraph mean?
Quote:
After a reboot, or using the Unlocker you already have, delete the files mentioned above (except userinit.exe) and these below:

[C:\WINDOWS\system32\HDDGuard.dll]  [N/A, ]
    [C:\WINDOWS\cccfaxxx.dll]  [N/A, ]
    [C:\WINDOWS\ymgqvvir.dll]  [N/A, ]
  [C:\WINDOWS\system32\rxdipuywow.dll]
So reboot first and then do this?
What does Unlocker delete? And where do I go to delete those files below?
