八达网

Title: Got a problem, ask 8DA. Almighty 8DA, give me a powerful tool for killing trojans and viruses! I'm going crazy

Author: 8dacc    Time: 2009-1-17 22:03
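I've reinstalled the system twice and there's still a virus: processes starting at random, IE errors, every kind of error,
and 5 or 6 processes whose names are all digits. I'm out of options.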
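Author: 淅灵神见    Time: 2009-1-17 22:05
....Ever heard of 落雪 (Luoxue)?
The AUTORUN on drive D, drive E, drive F, and so on..
Author: kkk1234486    Time: 2009-1-17 22:05
Notice: This author has been banned or deleted; content automatically hidden
Author: 2Ber    Time: 2009-1-17 22:06
Notice: This author has been banned or deleted; content automatically hidden
Author: 古妮娅    Time: 2009-1-17 22:06
Notice: This author has been banned or deleted; content automatically hidden
Author: 2Ber    Time: 2009-1-17 22:07
Notice: This author has been banned or deleted; content automatically hidden
Author: 厂长    Time: 2009-1-17 22:07
Notice: This author has been banned or deleted; content automatically hidden
Author: a2_lovely    Time: 2009-1-17 22:08
NOD32       There's a trial version on www.duote.com   It will basically keep working until the day you die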

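If you're an antivirus expert, you should already know NOD32, the world-renowned antivirus software. It's extremely awesome while using next to no machine resources.
厂长 posted on 2009-1-17 22:07
....I've always used NOD32
Author: 卡尔-兰德里    Time: 2009-1-17 22:12
瑞星 (Rising)...
Author: 加内特    Time: 2009-1-17 22:12
Back up your data and repartition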
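Author: 古妮娅    Time: 2009-1-17 22:16
Notice: This author has been banned or deleted; content automatically hidden
Author: xhb221    Time: 2009-1-17 22:16
Notice: This author has been banned or deleted; content automatically hidden
Author: a2_lovely    Time: 2009-1-17 22:17
Format everything, don't spare a single one
Author: PPLN    Time: 2009-1-17 22:17
Run a scan and post the report so we can take a look
Author: kkk1234486    Time: 2009-1-17 22:18
Notice: This author has been banned or deleted; content automatically hidden
Author: 8dacc    Time: 2009-1-17 22:29
What do you all mean by scanning a report? I've never done one
Author: 古妮娅    Time: 2009-1-17 22:41
Notice: This author has been banned or deleted; content automatically hidden
Author: 8dacc    Time: 2009-1-17 22:48
The scan will be out in a moment. Damn, from now on if I ever hear that someone makes viruses, I'll beat him until his own mother can't recognize him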
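Author: Aphrodite    Time: 2009-1-17 22:49
There's a problem with your other drives, so no matter how many times you reinstall the system it's all for nothing

After formatting every drive, download an antivirus and set up a firewall
Then watch your browsing habits

Turn off AutoPlay, and be especially careful when using USB drives
Author: Aphrodite    Time: 2009-1-17 22:49
There's a problem with your other drives, so no matter how many times you reinstall the system it's all for nothing

After formatting every drive, download an antivirus and set up a firewall
Then watch your browsing habits

Turn off AutoPlay, and be especially careful when using USB drives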
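Author: 8dacc    Time: 2009-1-17 22:49
The scan will be out in a moment. Damn, from now on if I ever hear that someone makes viruses, I'll beat him until his own mother can't recognize him
Author: 8dacc    Time: 2009-1-17 22:49
The scan will be out in a moment. Damn, from now on if I ever hear that someone makes viruses, I'll beat him until his own mother can't recognize him
Author: 8dacc    Time: 2009-1-17 22:49
The scan will be out in a moment. Damn, from now on if I ever hear that someone makes viruses, I'll beat him until his own mother can't recognize him
Author: 8dacc    Time: 2009-1-17 22:50
Is 8DA leaking again? Why does one reply show up as several?
Author: 8dacc    Time: 2009-1-17 22:50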
2009-01-17,22:50:35

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
计划任务
API HOOK
隐藏进程


启动项目


注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [(Infected) Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(nwiz)(nwiz.exe /install) []
(RTHDCPL)(RTHDCPL.EXE) [(Verified)Microsoft Windows Hardware Compatibility Publisher]
(Alcmtr)(ALCMTR.EXE) [(Verified)Microsoft Windows Hardware Compatibility Publisher]
(Windows木马防火墙)(D:\个人资料管理\Administrator\桌面\mmsk\Trojanwall.exe) [风云谷科技]
(NvCplDaemon)(RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup) [(Verified)Microsoft Windows Hardware Compatibility Publisher]
(HBService32)(System.exe) [HB Software]
(nod32kui)("C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE) [Eset ]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
(Alcmtr)(anymie360.exe) []
(ctfn)(C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\457416) []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Windows Component Publisher]
(Userinit)(C:\WINDOWS\system32\userinit.exe,) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)(ieebhibb.dll,HBCHIBI.dll,fgfinafd.dll,jibgmeng.dll,lalnhdbf.dll,fojeijod.dll,egiafooh.dll,fhgeogbg.dll,aalcjjpg.dll,cmahmoni.dll,dmdpggja.dll,cffhhleo.dll,bbnefkea.dll,dpkkacma.dll) []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(UIHost)(logonui.exe) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
({AEB6717E-7E19-11d0-97EE-00C04FD91972})(shell32.dll) [(Verified)Microsoft Windows Component Publisher]
({47665FA5-FCF5-4444-B552-DF6549ECCA27})(C:\Program Files\Internet Explorer\UzsKtNt.Zs3) []
({2EEB12BB-4899-4229-8518-9BD1E5E211A2})(C:\WINDOWS\system32\ieebhibb.dll) []
({F0F27AFD-0C91-40B3-B5C0-32175CB5AE65})(C:\WINDOWS\system32\fgfinafd.dll) []
({32B06E70-7A19-43B2-9C67-0BDED9FDB3F9})(C:\WINDOWS\system32\jibgmeng.dll) []
({5A571DBF-6102-4330-8545-9FE0455260B1})(C:\WINDOWS\system32\lalnhdbf.dll) []
({F83E238D-CC67-4439-A6A2-E901FB46677D})(C:\WINDOWS\system32\fojeijod.dll) []
({E02AF881-6DD6-4E41-9EE5-8E82CDA9E14A})(C:\WINDOWS\system32\egiafooh.dll) []
({F10E80B0-5632-4159-B55A-791636775ED9})(C:\WINDOWS\system32\fhgeogbg.dll) []
({AA5C3390-F1DD-4F78-8583-E85C8699A980})(C:\WINDOWS\system32\aalcjjpg.dll) []
({C6A16872-4C3E-4548-9361-C8A1E0E8FD4B})(C:\WINDOWS\system32\cmahmoni.dll) []
({D6D9003A-431B-41B7-BACE-CC90BCE854C3})(C:\WINDOWS\system32\dmdpggja.dll) []
({CFF115E8-1030-4AA1-8B12-AF660B6C405F})(C:\WINDOWS\system32\cffhhleo.dll) []
({BB7EF4EA-EAB4-4942-82DC-747C53CE70E0})(C:\WINDOWS\system32\bbnefkea.dll) []
({D944AC6A-38B5-4550-AB1A-030D1DE88A8E})(C:\WINDOWS\system32\dpkkacma.dll) []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
(PostBootReminder)(%SystemRoot%\system32\SHELL32.dll) [(Verified)Microsoft Windows Component Publisher]
(CDBurn)(%SystemRoot%\system32\SHELL32.dll) [(Verified)Microsoft Windows Component Publisher]
(WebCheck)(%SystemRoot%\system32\webcheck.dll) [(Verified)Microsoft Windows Publisher]
(SysTray)(C:\WINDOWS\system32\stobject.dll) [(Verified)Microsoft Windows Publisher]
(2EEB12BB)(C:\WINDOWS\system32\ieebhibb.dll) []
(F0F27AFD)(C:\WINDOWS\system32\fgfinafd.dll) []
(32B06E70)(C:\WINDOWS\system32\jibgmeng.dll) []
(5A571DBF)(C:\WINDOWS\system32\lalnhdbf.dll) []
(F83E238D)(C:\WINDOWS\system32\fojeijod.dll) []
(E02AF881)(C:\WINDOWS\system32\egiafooh.dll) []
(F10E80B0)(C:\WINDOWS\system32\fhgeogbg.dll) []
(AA5C3390)(C:\WINDOWS\system32\aalcjjpg.dll) []
(C6A16872)(C:\WINDOWS\system32\cmahmoni.dll) []
(D6D9003A)(C:\WINDOWS\system32\dmdpggja.dll) []
(CFF115E8)(C:\WINDOWS\system32\cffhhleo.dll) []
(BB7EF4EA)(C:\WINDOWS\system32\bbnefkea.dll) []
(D944AC6A)(C:\WINDOWS\system32\dpkkacma.dll) []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
(WinlogonNotify: crypt32chain)(crypt32.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
(WinlogonNotify: cryptnet)(cryptnet.dll) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
(WinlogonNotify: cscdll)(cscdll.dll) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
(WinlogonNotify: ScCertProp)(wlnotify.dll) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
(WinlogonNotify: Schedule)(wlnotify.dll) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
(WinlogonNotify: sclgntfy)(sclgntfy.dll) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
(WinlogonNotify: SensLogn)(WlNotify.dll) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
(WinlogonNotify: termsrv)(wlnotify.dll) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
(WinlogonNotify: wlballoon)(wlnotify.dll) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
({438755C2-A8BA-11D1-B96B-00A0C90312E1})(%SystemRoot%\system32\browseui.dll) [(Verified)Microsoft Windows Component Publisher]
({8C7461EF-2B13-11d2-BE35-3078302C2030})(%SystemRoot%\system32\browseui.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
(Microsoft Windows Media Player)(C:\WINDOWS\inf\unregmp2.exe /ShowWMP) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){26923b43-4d38-484f-9b9e-de460746276c}]
(Internet Explorer)(%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
(浏览器自定义组件)(RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
(Outlook Express)(%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
(Themes Setup)(%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
(Microsoft Outlook Express 6)("%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
(NetMeeting 3.01)(rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
(Windows Messenger 4.7)(rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
(通讯簿 6)("%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
(Windows 桌面更新)(regsvr32.exe /s /n /i:U shell32.dll) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
(Internet Explorer 6)(%SystemRoot%\system32\ie4uinit.exe) [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
(SCRNSAVE.EXE)(C:\WINDOWS\System32\桌面下雪.scr) [Nord-Tec Software Engineering]




--------------------------------------------------------------------------------



启动文件夹

N/A



--------------------------------------------------------------------------------



服务

[Contrl Center of Storm Media / ccosm][Running/Auto Start]
(C:\Program Files\StormII\stormliv.exe /asservice)(北京暴风网际科技有限公司)
[DCOM Server Process Launcher / DcomLaunch][Running/Auto Start]
(C:\WINDOWS\system32\svchost -k DcomLaunch--)%SystemRoot%\system32\rpcss.dll)(N/A)
[Winlognetoworker Managerser / DiskerManagerse][Stopped/Auto Start]
(C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\Officemanagera.ini)(Microsoft Windows Explorer)
[Help and Support / helpsvc][Stopped/Disabled]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll)(N/A)
[HID Input Service / HidServ][Stopped/Auto Start]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)%SystemRoot%\System32\hidserv.dll)(N/A)
[Microsoftnetwork gervice / Microsoftmanager][Stopped/Auto Start]
(C:\Documents and Settings\All Users\Application Data\Microsoft\Micsofoffice1.exe)(N/A)
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
()((File is missing))
[NOD32 Kernel Service / NOD32krn][Running/Auto Start]
("C:\Program Files\Eset\nod32krn.exe")(Eset)
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
(C:\WINDOWS\system32\nvsvc32.exe)(NVIDIA Corporation)
[Remote Procedure Call (RPC) / RpcSs][Running/Auto Start]
(C:\WINDOWS\system32\svchost -k rpcss--)c:\windows\system32\rpcss.dll)(N/A)
[Windows Time / W32Time][Stopped/Auto Start]
(C:\D--)C:\WINDOWS\system32\w32time.dll)()
[Automatic Updates / wuauserv][Stopped/Auto Start]
(t%\sy--)C:\WINDOWS\system32\wuauserv.dll)(Microsoft Corporation)



--------------------------------------------------------------------------------



驱动程序

[2310_00 / 2310_00][Stopped/Boot Start]
(\SystemRoot\system32\DRIVERS\2310_00.sys)(HighPoint Technologies, Inc.)
[3wareDrv / 3wareDrv][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\3wareDrv.sys)(N/A)
[3waregsm / 3waregsm][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\3waregsm.sys)(N/A)
[a320raid / a320raid][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\a320raid.sys)(Adaptec, Inc.)
[aaatimeo / aaatimeo][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\aaatimeo.sys)(Microsoft Corporation)
[Adaptec RAID Miniport Driver / aac][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\aac.sys)(Adaptec, Inc.)
[Adaptec SAS/SATA-II RAID Miniport Driver / aacsas][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\aacsas.sys)(Adaptec, Inc.)
[aar1210 / aar1210][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\aar1210.sys)(Adaptec, Inc.)
[adp94xx / adp94xx][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\adp94xx.sys)(Adaptec, Inc.)
[adpu160m / adpu160m][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\adpu160m.sys)(Adaptec, Inc.)
[adpu320 / adpu320][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\adpu320.sys)(Adaptec, Inc.)
[ACARD AEC6210UF UltraDMA33 Controller / aec6210][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\aec6210.sys)(ACARD Technology Corp.)
[ACARD AEC6260 UltraDMA-66 Controller / aec6260][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\aec6260.sys)(ACARD Technology Corp.)
[aec6280 / aec6280][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\aec6280.sys)(ACARD Technology Corp.)
[aec6290 / aec6290][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\aec6280.sys)(ACARD Technology Corp.)
[aec67160 / aec67160][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\aec67160.sys)(ACARD Technology Corp.)
[AEC671X / AEC671X][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\AEC671X.sys)(ACARD Technology Corp.)
[AEC6880 / AEC6880][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\AEC6880.sys)(ACARD Technology Corp.)
[aec6897 / aec6897][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\aec6897.sys)(ACARD Technology Corp.)
[aec68x5 / aec68x5][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\aec68x5.sys)(ACARD Technology Corp.)
[AFAMgt / AFAMgt][Running/Boot Start]
(\SystemRoot\system32\DRIVERS\afamgt.sys)(Adaptec, Inc.)
[ahcix86 / ahcix86][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\ahcix86.sys)(ATI Technologies Inc.)
[AliIde / AliIde][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\aliide.sys)(ALi Corporation)
[AMD AGP Bus Filter Driver / amdagp][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\amdagp.sys)(Advanced Micro Devices, Inc.)
[amdbusdr / amdbusdr][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\amdbusdr.sys)(AMD)
[AMD EIDE 驱动程衼E / amdeide][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\AmdEide.sys)(AMD)
[AMON / AMON][Running/Auto Start]
(\SystemRoot\system32\drivers\amon.sys)(Eset)
[arcm_x86 / arcm_x86][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\arcm_x86.sys)(ARECA Technology Corporation)
[asc / asc][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\asc.sys)(Advanced System Products, Inc.)
[asc3550 / asc3550][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\asc3550.sys)(Advanced System Products, Inc.)
[SiI-3112 SATALink Controller / ASH1205][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\ASH1205.sys)(Silicon Image, Inc.)
[ata1200a / ata1200a][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\ata1200a.sys)(Adaptec, Inc.)
[atiide / atiide][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\atiide.sys)(ATI Technologies Inc.)
[Promise driver accelerator / bb-run][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\bb-run.sys)(Promise Technology, Inc.)
[cda1000 / cda1000][Stopped/Boot Start]
(\SystemRoot\system32\DRIVERS\cda1000.sys)(Adaptec, Inc.)
[DELL CERC SATA 1.5/6ch RAID Miniport Driver / cercsr6][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\cercsr6.sys)(Adaptec, Inc.)
[CmdIde / CmdIde][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\cmdide.sys)(CMD Technology, Inc.)
[Cpq32fs2 / Cpq32fs2][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\Cpq32fs2.sys)(Hewlett-Packard Company)
[cpqarry2 / cpqarry2][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\cpqarry2.sys)(Compaq Computer Corporation)
[cpqcissm / cpqcissm][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\cpqcissm.sys)(Hewlett-Packard Company)
[dac2w2k / dac2w2k][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\dac2w2k.sys)(Mylex Corporation)
[dac960nt / dac960nt][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\dac960nt.sys)(Mylex Corporation)
[Promise Removable Disk Control Driver / dontgo][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\DontGo.sys)(Promise Technology, Inc.)
[dpti2o / dpti2o][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\dpti2o.sys)(Adaptec, Inc.)
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start]
(system32\drivers\es1371mp.sys)(Creative Technology Ltd.)
[FastSx / FastSx][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\FastSx.sys)(Promise Technology, Inc.)
[fasttrak / fasttrak][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\fasttrak.sys)(Promise Technology, Inc.)
[fasttx2k / fasttx2k][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\fasttx2k.sys)(Promise Technology, Inc.)
[FTCkillfile / FTCkillfile][Stopped/Manual Start]
(System32\Drivers\FTCkillfile.sys)(风云谷科技)
[FTCProtect / FTCProtect][Stopped/Manual Start]
(System32\Drivers\FTCProtect.sys)(风云谷科技)
[fttxr52P / fttxr52P][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\fttxr52P.sys)(Promise Technology, Inc.)
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
(system32\DRIVERS\HDAudBus.sys)(Windows (R) Server 2003 DDK provider)
[HpCISSm2 / HpCISSm2][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\HpCISSm2.sys)(Hewlett-Packard Company)
[Hpt366 / Hpt366][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\Hpt366.sys)(Microsoft Corporation)
[hpt374 / hpt374][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\hpt374.sys)(HighPoint Technologies, Inc.)
[hpt3xx / hpt3xx][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\hpt3xx.sys)(HighPoint Technologies, Inc.)
[hptmv / hptmv][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\hptmv.sys)(HighPoint Technologies, Inc.)
[hptmv6 / hptmv6][Stopped/Boot Start]
(\SystemRoot\system32\DRIVERS\hptmv6.sys)(HighPoint Technologies, Inc.)
[hptpro / hptpro][Stopped/Boot Start]
(\SystemRoot\system32\DRIVERS\hptpro.sys)(HighPoint Technologies, Inc.)
[Intel RAID Controller / iaStor][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\iaStor.sys)(Intel Corporation)
[Intel RAID Controller / iaStor55][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\iaStor55.sys)(Intel Corporation)
[Intel RAID Controller / iaStor70][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\iaStor70.sys)(Intel Corporation)
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
(system32\drivers\RtkHDAud.sys)(Realtek Semiconductor Corp.)
[IBM ServeRAID Device Driver / ipsraidn][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\ipsraidn.sys)(IBM Corporation)
[ITERAID_Service_Install / iteraid][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\iteraid.sys)(Integrated Technology Express, Inc.)
[JRAID / JRAID][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\jraid.sys)(JMicron Technology Corp.)
[m5228 / m5228][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\m5228.sys)(ALi Corporation.)
[m5281 / m5281][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\m5281.sys)(ALi Corporation)
[m5287 / m5287][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\m5287.sys)(ULi Electronics Inc.)
[m5288 / m5288][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\m5288.sys)(ULi Electronics Inc.)
[m5289 / m5289][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\m5289.sys)(ULi Electronics Inc.)
[MegaIDE / MegaIDE][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\MegaIDE.sys)(LSI Logic Corporation.)
[mraid35x / mraid35x][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\mraid35x.sys)(American Megatrends Inc.)
[msiffei / msiffei][Stopped/Manual Start]
(System32\Drivers\msiffei.sys)(N/A)
[mv614x / mv614x][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\mv614x.sys)(N/A)
[mv61xx / mv61xx][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\mv61xx.sys)(Marvell Semiconductor, Inc.)
[mvSata / mvSata][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\mvsata.sys)(Marvell Semiconductors Inc.)
[IBM ServeRAID 4M/4L/4Mx/4Lx/5i/6M/6i/7k Device Driver / nfrd960][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\nfrd960.sys)(IBM Corporation)
[nod32drv / nod32drv][Running/System Start]
(\SystemRoot\system32\drivers\nod32drv.sys)(N/A)
[nv / nv][Running/Manual Start]
(system32\DRIVERS\nv4_mini.sys)(NVIDIA Corporation)
[nvatabus / nvatabus][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\nvatabus.sys)(NVIDIA Corporation)
[nvgts / nvgts][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\nvgts.sys)(NVIDIA Corporation)
[NVIDIA nForce(tm) RAID Class Driver / nvraid][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\nvraid.sys)(NVIDIA Corporation)
[NVIDIA nForce RAID Driver / nvrd32][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\nvrd32.sys)(NVIDIA Corporation)
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]
(system32\DRIVERS\pcntpci5.sys)(AMD Inc.)
[CMD IDE Raid Controller / Pnp649r][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\pnp649r.sys)(CMD Technology, Inc.)
[SiI 680 ATA Controller / Pnp680][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\pnp680.sys)(Silicon Image, Inc.)
[Silicon Image SiI 0680 Medley Raid Controller / Pnp680r][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\pnp680r.sys)(Silicon Image, Inc)
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
(system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.)
[ql1080 / ql1080][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\ql1080.sys)(QLogic Corporation)
[ql12160 / ql12160][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\ql12160.sys)(QLogic Corporation)
[ql1280 / ql1280][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\ql1280.sys)(QLogic Corporation)
[ql2100 / ql2100][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\ql2100.sys)(QLogic Corporation)
[ql2200 / ql2200][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\ql2200.sys)(QLogic Corporation)
[QLogic Fibre Channel SCSI Miniport Driver (w32 IP) / ql2300][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\ql2300.sys)(QLogic Corporation)
[raidsrc / raidsrc][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\raidsrc.sys)(Intel)
[rr172x / rr172x][Stopped/Boot Start]
(\SystemRoot\system32\DRIVERS\rr172x.sys)(HighPoint Technologies, Inc.)
[rr174x / rr174x][Stopped/Boot Start]
(\SystemRoot\system32\DRIVERS\rr174x.sys)(HighPoint Technologies, Inc.)
[rr232x / rr232x][Stopped/Boot Start]
(\SystemRoot\system32\DRIVERS\rr232x.sys)(HighPoint Technologies, Inc.)
[rr2340 / rr2340][Stopped/Boot Start]
(\SystemRoot\system32\DRIVERS\rr2340.sys)(HighPoint Technologies, Inc.)
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start]
(system32\DRIVERS\Rtenicxp.sys)(Realtek Semiconductor Corporation)
[S150sx8 / S150sx8][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\S150sx8.sys)(Promise Technology, Inc.)
[Safe Mon 360 / SafeMon0][Running/System Start]
(\??\C:\WINDOWS\system32\1ACD18E8.dat)(N/A)
[Secdrv / Secdrv][Stopped/Manual Start]
(system32\DRIVERS\secdrv.sys)(Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
[SiI-3512 SATALink Controller / SI3112][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\SI3112.sys)(Silicon Image, Inc.)
[ATI-437A Serial ATA Controller / SI3112r][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\SI3112r.sys)(Silicon Image, Inc)
[SiI-3114 SATALink Controller / SI3114][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\SI3114.sys)(Silicon Image, Inc.)
[SiI-3114 SATARaid Controller / SI3114r][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\SI3114R.sys)(Silicon Image, Inc)
[SiI-3114 SoftRaid 5 Controller / Si3114r5][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\Si3114r5.sys)(Silicon Image, Inc)
[SiI-3124 SATALink Controller / SI3124][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\SI3124.sys)(Silicon Image, Inc.)
[SiI-3124 SATARaid Controller / SI3124r][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\SI3124R.sys)(Silicon Image, Inc)
[SiI-3124 SoftRaid 5 Controller / Si3124r5][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\Si3124r5.sys)(Silicon Image, Inc)
[SiI-3132 SATALink Controller / SI3132][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\SI3132.sys)(Silicon Image, Inc.)
[SiI-3132 SoftRaid 5 Controller / Si3132r5][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\Si3132r5.sys)(Silicon Image, Inc)
[SATALink driver accelerator / SiFilter][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\SiWinAcc.sys)(Silicon Image, Inc.)
[SATALink External Device Filter / SiRemFil][Running/Boot Start]
(\SystemRoot\system32\DRIVERS\SiRemFil.sys)(Silicon Image, Inc.)
[SIS AGP Bus Filter / sisagp][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\sisagp.sys)(Silicon Integrated Systems Corporation)
[SiSide / SiSide][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\siside.sys)(Silicon Integrated Systems Corp.)
[SiSRaid4 / SiSRaid4][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\sisraid4.sys)(Silicon Integrated Systems)
[sisraidx / sisraidx][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\sisraidx.sys)(Silicon Integrated Systems Corp.)
[Sparrow / Sparrow][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\sparrow.sys)(Adaptec, Inc.)
[sptrak / sptrak][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\sptrak.sys)(Promise Technology, Inc.)
[symc8xx / symc8xx][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\symc8xx.sys)(LSI Logic)
[Symmpi / Symmpi][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\symmpi.sys)(LSI Logic)
[sym_hi / sym_hi][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\sym_hi.sys)(LSI Logic)
[sym_u3 / sym_u3][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\sym_u3.sys)(LSI Logic)
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
(system32\DRIVERS\tcpip.sys)(Microsoft Corporation)
[UlSata / UlSata][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\ulsata.sys)(Promise Technology, Inc.)
[ulsata2 / ulsata2][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\ulsata2.sys)(Promise Technology, Inc.)
[ultra / ultra][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\ultra.sys)(Promise Technology, Inc.)
[viamraid / viamraid][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\viamraid.sys)(VIA Technologies inc,.ltd)
[VIA ATA/ATAPI Host Controller / viapdsk][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\viapdsk.sys)(VIA Technologies, Inc.)
[ViBus / ViBus][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\ViBus.sys)(VIA Technologies, Inc.)
[videX32 / videX32][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\videX32.sys)(VIA Technologies, Inc.)
[VIA SATA IDE Device Driver / ViPrt][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\ViPrt.sys)(VIA Technologies, Inc.)
[VMscsi / VMscsi][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\vmscsi.sys)(VMware, Inc.)
[VIA SATA IDE Hot-plug Driver / xfilt][Stopped/Disabled]
(\SystemRoot\system32\DRIVERS\xfilt.sys)(VIA Technologies,Inc)



--------------------------------------------------------------------------------



浏览器加载项

[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} (C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD)
[]
{47665FA5-FCF5-4444-B552-DF6549ECCA27} (C:\Program Files\Internet Explorer\UzsKtNt.Zs3, N/A)
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} (C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD)
[BoBoControl Class]
{EC0978ED-24E3-403C-AB7A-060E388553E6} (C:\WINDOWS\system32\BoBo_ActiveX_V3.ocx, 广州易播信息科技有限公司)
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} (C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD)
[]
{47665FA5-FCF5-4444-B552-DF6549ECCA27} (C:\Program Files\Internet Explorer\UzsKtNt.Zs3, N/A)
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} (C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD)
[]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} (, )
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} (C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation)
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} (C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.)
[BoBoControl Class]
{EC0978ED-24E3-403C-AB7A-060E388553E6} (C:\WINDOWS\system32\BoBo_ActiveX_V3.ocx, 广州易播信息科技有限公司)
[使用迅雷下载]
(C:\Program Files\Thunder\Program\geturl.htm, N/A)
[使用迅雷下载全部链接]
(C:\Program Files\Thunder\Program\getallurl.htm, N/A)



--------------------------------------------------------------------------------



正在运行的进程

[PID: 624 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 684 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\csrss.dll] [N/A, ]
[C:\WINDOWS\system32\sh05022.dll] [N/A, ]
[PID: 708 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\HBCHIBI.dll] [N/A, ]
[C:\WINDOWS\system32\ofkdghli.dll] [N/A, ]
[C:\WINDOWS\system32\pehaclcj.dll] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 752 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\HBCHIBI.dll] [N/A, ]
[C:\WINDOWS\system32\ofkdghli.dll] [N/A, ]
[C:\WINDOWS\system32\pehaclcj.dll] [N/A, ]
[PID: 764 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\HBCHIBI.dll] [N/A, ]
[C:\WINDOWS\system32\ofkdghli.dll] [N/A, ]
[C:\WINDOWS\system32\pehaclcj.dll] [N/A, ]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[PID: 944 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\HBCHIBI.dll] [N/A, ]
[C:\WINDOWS\system32\ofkdghli.dll] [N/A, ]
[C:\WINDOWS\system32\pehaclcj.dll] [N/A, ]
[c:\windows\system32\rpcss.dll] [N/A, ]
[C:\WINDOWS\system32\anymie360.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WowInitcode.dat] [N/A, ]
[C:\Program Files\Internet Explorer\UzsKtNt.Zs3] [N/A, ]
[PID: 1016 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\HBCHIBI.dll] [N/A, ]
[C:\WINDOWS\system32\ofkdghli.dll] [N/A, ]
[C:\WINDOWS\system32\pehaclcj.dll] [N/A, ]
[c:\windows\system32\rpcss.dll] [N/A, ]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[PID: 1132 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\HBCHIBI.dll] [N/A, ]
[C:\WINDOWS\System32\ofkdghli.dll] [N/A, ]
[C:\WINDOWS\System32\pehaclcj.dll] [N/A, ]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[C:\Program Files\Internet Explorer\UzsKtNt.Zs3] [N/A, ]
[PID: 1276 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\HBCHIBI.dll] [N/A, ]
[C:\WINDOWS\system32\ofkdghli.dll] [N/A, ]
[C:\WINDOWS\system32\pehaclcj.dll] [N/A, ]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[PID: 1308 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\HBCHIBI.dll] [N/A, ]
[C:\WINDOWS\system32\ofkdghli.dll] [N/A, ]
[C:\WINDOWS\system32\pehaclcj.dll] [N/A, ]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[PID: 1476 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp.050610-1527)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\HBCHIBI.dll] [N/A, ]
[C:\WINDOWS\system32\ofkdghli.dll] [N/A, ]
[C:\WINDOWS\system32\pehaclcj.dll] [N/A, ]
[PID: 1688 / Administrator][C:\WINDOWS\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\HBCHIBI.dll] [N/A, ]
[C:\WINDOWS\system32\ofkdghli.dll] [N/A, ]
[C:\WINDOWS\system32\pehaclcj.dll] [N/A, ]
[C:\Program Files\Internet Explorer\UzsKtNt.Zs3] [N/A, ]
[C:\WINDOWS\system32\kmjeafch.dll] [N/A, ]
[C:\WINDOWS\system32\emiokcoo.dll] [N/A, ]
[C:\WINDOWS\system32\ngclanac.dll] [N/A, ]
[C:\WINDOWS\system32\fgcbkfob.dll] [N/A, ]
[C:\WINDOWS\system32\mifieejn.dll] [N/A, ]
[C:\WINDOWS\system32\emjapdea.dll] [N/A, ]
[C:\WINDOWS\system32\eoiiejle.dll] [N/A, ]
[C:\WINDOWS\system32\gcplgfhc.dll] [N/A, ]
[C:\WINDOWS\system32\nijonfcj.dll] [N/A, ]
[C:\WINDOWS\system32\acjeblfe.dll] [N/A, ]
[C:\WINDOWS\system32\alfokhai.dll] [N/A, ]
[C:\WINDOWS\system32\anymie360.dll] [N/A, ]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Eset\nodshex.dll] [N/A, ]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.11.6921]
[C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.6921]
[C:\WINDOWS\system32\nvshell.dll] [, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WowInitcode.dat] [N/A, ]
[C:\WINDOWS\system32\ieebhibb.dll] [N/A, ]
[C:\WINDOWS\system32\fgfinafd.dll] [N/A, ]
[C:\WINDOWS\system32\jibgmeng.dll] [N/A, ]
[C:\WINDOWS\system32\lalnhdbf.dll] [N/A, ]
[C:\WINDOWS\system32\fojeijod.dll] [N/A, ]
[C:\WINDOWS\system32\egiafooh.dll] [N/A, ]
[C:\WINDOWS\system32\fhgeogbg.dll] [N/A, ]
[C:\WINDOWS\system32\aalcjjpg.dll] [N/A, ]
[C:\WINDOWS\system32\cmahmoni.dll] [N/A, ]
[C:\WINDOWS\system32\dmdpggja.dll] [N/A, ]
[C:\WINDOWS\system32\cffhhleo.dll] [N/A, ]
[C:\WINDOWS\system32\bbnefkea.dll] [N/A, ]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1980 / Administrator][C:\WINDOWS\RTHDCPL.EXE] [Realtek Semiconductor Corp., 2.2.5.9]
[C:\WINDOWS\system32\ofkdghli.dll] [N/A, ]
[C:\WINDOWS\system32\pehaclcj.dll] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\UzsKtNt.Zs3] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WowInitcode.dat] [N/A, ]
[PID: 2024 / Administrator][C:\WINDOWS\system32\System.exe] [HB Software, 1, 2, 1, 1007]
[C:\WINDOWS\system32\HBCHIBI.dll] [N/A, ]
[C:\WINDOWS\system32\ofkdghli.dll] [N/A, ]
[C:\WINDOWS\system32\pehaclcj.dll] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\UzsKtNt.Zs3] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WowInitcode.dat] [N/A, ]
[PID: 2032 / Administrator][C:\Program Files\Eset\nod32kui.exe] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\nod32rui.dll] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\UzsKtNt.Zs3] [N/A, ]
[C:\WINDOWS\system32\HBCHIBI.dll] [N/A, ]
[C:\Program Files\Eset\pu_amon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_amon.dll] [Eset , 2, 70, 16 ]
[C:\Program Files\Eset\pu_dmon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_dmon.dll] [N/A, ]
[C:\Program Files\Eset\pu_emon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_emon.dll] [N/A, ]
[C:\Program Files\Eset\pu_imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[C:\Program Files\Eset\pu_nod32.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_nod32.dll] [Eset , 2, 70, 16 ]
[C:\Program Files\Eset\pu_upd.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_upd.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WowInitcode.dat] [N/A, ]
[C:\WINDOWS\system32\ieebhibb.dll] [N/A, ]
[C:\WINDOWS\system32\fgfinafd.dll] [N/A, ]
[C:\WINDOWS\system32\egiafooh.dll] [N/A, ]
[C:\WINDOWS\system32\fojeijod.dll] [N/A, ]
[C:\WINDOWS\system32\lalnhdbf.dll] [N/A, ]
[C:\WINDOWS\system32\jibgmeng.dll] [N/A, ]
[C:\WINDOWS\system32\fhgeogbg.dll] [N/A, ]
[C:\WINDOWS\system32\dmdpggja.dll] [N/A, ]
[C:\WINDOWS\system32\cmahmoni.dll] [N/A, ]
[C:\WINDOWS\system32\aalcjjpg.dll] [N/A, ]
[C:\WINDOWS\system32\cffhhleo.dll] [N/A, ]
[C:\WINDOWS\system32\bbnefkea.dll] [N/A, ]
[PID: 2040 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [(Infected) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\ofkdghli.dll] [N/A, ]
[C:\WINDOWS\system32\pehaclcj.dll] [N/A, ]
[C:\Program Files\Internet Explorer\UzsKtNt.Zs3] [N/A, ]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WowInitcode.dat] [N/A, ]
[PID: 2012 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\ofkdghli.dll] [N/A, ]
[C:\WINDOWS\System32\pehaclcj.dll] [N/A, ]
[C:\WINDOWS\System32\alfokhai.dll] [N/A, ]
[C:\WINDOWS\System32\acjeblfe.dll] [N/A, ]
[C:\WINDOWS\System32\nijonfcj.dll] [N/A, ]
[C:\WINDOWS\System32\gcplgfhc.dll] [N/A, ]
[C:\WINDOWS\System32\eoiiejle.dll] [N/A, ]
[C:\WINDOWS\System32\emjapdea.dll] [N/A, ]
[C:\WINDOWS\System32\mifieejn.dll] [N/A, ]
[C:\WINDOWS\System32\fgcbkfob.dll] [N/A, ]
[C:\WINDOWS\System32\ngclanac.dll] [N/A, ]
[C:\WINDOWS\System32\emiokcoo.dll] [N/A, ]
[C:\WINDOWS\System32\kmjeafch.dll] [N/A, ]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[PID: 160 / SYSTEM][C:\Program Files\StormII\stormliv.exe] [北京暴风网际科技有限公司, 3, 8, 3, 15]
[C:\WINDOWS\system32\HBCHIBI.dll] [N/A, ]
[C:\WINDOWS\system32\ofkdghli.dll] [N/A, ]
[C:\WINDOWS\system32\pehaclcj.dll] [N/A, ]
[C:\WINDOWS\system32\alfokhai.dll] [N/A, ]
[C:\WINDOWS\system32\acjeblfe.dll] [N/A, ]
[C:\WINDOWS\system32\nijonfcj.dll] [N/A, ]
[C:\WINDOWS\system32\gcplgfhc.dll] [N/A, ]
[C:\WINDOWS\system32\eoiiejle.dll] [N/A, ]
[C:\WINDOWS\system32\emjapdea.dll] [N/A, ]
[C:\WINDOWS\system32\mifieejn.dll] [N/A, ]
[C:\WINDOWS\system32\fgcbkfob.dll] [N/A, ]
[C:\WINDOWS\system32\ngclanac.dll] [N/A, ]
[C:\WINDOWS\system32\emiokcoo.dll] [N/A, ]
[C:\WINDOWS\system32\kmjeafch.dll] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[PID: 660 / SYSTEM][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\HBCHIBI.dll] [N/A, ]
[C:\WINDOWS\system32\ofkdghli.dll] [N/A, ]
[C:\WINDOWS\system32\pehaclcj.dll] [N/A, ]
[C:\WINDOWS\system32\alfokhai.dll] [N/A, ]
[C:\WINDOWS\system32\acjeblfe.dll] [N/A, ]
[C:\WINDOWS\system32\nijonfcj.dll] [N/A, ]
[C:\WINDOWS\system32\gcplgfhc.dll] [N/A, ]
[C:\WINDOWS\system32\eoiiejle.dll] [N/A, ]
[C:\WINDOWS\system32\emjapdea.dll] [N/A, ]
[C:\WINDOWS\system32\mifieejn.dll] [N/A, ]
[C:\WINDOWS\system32\fgcbkfob.dll] [N/A, ]
[C:\WINDOWS\system32\ngclanac.dll] [N/A, ]
[C:\WINDOWS\system32\emiokcoo.dll] [N/A, ]
[C:\WINDOWS\system32\kmjeafch.dll] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[PID: 1100 / SYSTEM][C:\Program Files\Internet Explorer\UnxxZun.Zmp] [N/A, ]
[C:\WINDOWS\system32\HBCHIBI.dll] [N/A, ]
[C:\WINDOWS\system32\ofkdghli.dll] [N/A, ]
[C:\WINDOWS\system32\pehaclcj.dll] [N/A, ]
[C:\WINDOWS\system32\alfokhai.dll] [N/A, ]
[C:\WINDOWS\system32\acjeblfe.dll] [N/A, ]
[C:\WINDOWS\system32\nijonfcj.dll] [N/A, ]
[C:\WINDOWS\system32\gcplgfhc.dll] [N/A, ]
[C:\WINDOWS\system32\eoiiejle.dll] [N/A, ]
[C:\WINDOWS\system32\emjapdea.dll] [N/A, ]
[C:\WINDOWS\system32\mifieejn.dll] [N/A, ]
[C:\WINDOWS\system32\fgcbkfob.dll] [N/A, ]
[C:\WINDOWS\system32\ngclanac.dll] [N/A, ]
[C:\WINDOWS\system32\emiokcoo.dll] [N/A, ]
[C:\WINDOWS\system32\kmjeafch.dll] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\UzsKtNt.Zs3] [N/A, ]
[PID: 912 / SYSTEM][C:\Program Files\Eset\nod32krn.exe] [Eset , 2, 70, 39 ]
[C:\WINDOWS\system32\HBCHIBI.dll] [N/A, ]
[C:\WINDOWS\system32\ofkdghli.dll] [N/A, ]
[C:\WINDOWS\system32\pehaclcj.dll] [N/A, ]
[C:\WINDOWS\system32\alfokhai.dll] [N/A, ]
[C:\WINDOWS\system32\acjeblfe.dll] [N/A, ]
[C:\WINDOWS\system32\nijonfcj.dll] [N/A, ]
[C:\WINDOWS\system32\gcplgfhc.dll] [N/A, ]
[C:\WINDOWS\system32\eoiiejle.dll] [N/A, ]
[C:\WINDOWS\system32\emjapdea.dll] [N/A, ]
[C:\WINDOWS\system32\mifieejn.dll] [N/A, ]
[C:\WINDOWS\system32\fgcbkfob.dll] [N/A, ]
[C:\WINDOWS\system32\ngclanac.dll] [N/A, ]
[C:\WINDOWS\system32\emiokcoo.dll] [N/A, ]
[C:\WINDOWS\system32\kmjeafch.dll] [N/A, ]
[C:\Program Files\Eset\nod32krr.dll] [Eset , 2, 70, 32 ]
[C:\Program Files\Eset\ps_amon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_amon.dll] [Eset , 2, 70, 16 ]
[C:\Program Files\Eset\ps_dmon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_dmon.dll] [N/A, ]
[C:\Program Files\Eset\ps_emon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_emon.dll] [N/A, ]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[C:\Program Files\Eset\ps_nod32.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_nod32.dll] [Eset , 2, 70, 16 ]
[C:\Program Files\Eset\ps_upd.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_upd.dll] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1844 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.11.6921]
[C:\WINDOWS\system32\nijonfcj.dll] [N/A, ]
[C:\WINDOWS\system32\gcplgfhc.dll] [N/A, ]
[C:\WINDOWS\system32\fgcbkfob.dll] [N/A, ]
[C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.6921]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1912 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[C:\WINDOWS\system32\HBCHIBI.dll] [N/A, ]
[C:\WINDOWS\system32\ofkdghli.dll] [N/A, ]
[C:\WINDOWS\system32\pehaclcj.dll] [N/A, ]
[C:\WINDOWS\system32\alfokhai.dll] [N/A, ]
[C:\WINDOWS\system32\acjeblfe.dll] [N/A, ]
[C:\WINDOWS\system32\nijonfcj.dll] [N/A, ]
[C:\WINDOWS\system32\gcplgfhc.dll] [N/A, ]
[C:\WINDOWS\system32\eoiiejle.dll] [N/A, ]
[C:\WINDOWS\system32\emjapdea.dll] [N/A, ]
[C:\WINDOWS\system32\mifieejn.dll] [N/A, ]
[C:\WINDOWS\system32\fgcbkfob.dll] [N/A, ]
[C:\WINDOWS\system32\ngclanac.dll] [N/A, ]
[C:\WINDOWS\system32\emiokcoo.dll] [N/A, ]
[C:\WINDOWS\system32\kmjeafch.dll] [N/A, ]
[PID: 3692 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\141270] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\HBCHIBI.dll] [N/A, ]
[C:\WINDOWS\system32\ofkdghli.dll] [N/A, ]
[C:\WINDOWS\system32\pehaclcj.dll] [N/A, ]
[C:\WINDOWS\system32\alfokhai.dll] [N/A, ]
[C:\WINDOWS\system32\acjeblfe.dll] [N/A, ]
[C:\WINDOWS\system32\nijonfcj.dll] [N/A, ]
[C:\WINDOWS\system32\gcplgfhc.dll] [N/A, ]
[C:\WINDOWS\system32\eoiiejle.dll] [N/A, ]
[C:\WINDOWS\system32\emjapdea.dll] [N/A, ]
[C:\WINDOWS\system32\mifieejn.dll] [N/A, ]
[C:\WINDOWS\system32\fgcbkfob.dll] [N/A, ]
[C:\WINDOWS\system32\ngclanac.dll] [N/A, ]
[C:\WINDOWS\system32\emiokcoo.dll] [N/A, ]
[C:\WINDOWS\system32\kmjeafch.dll] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\UzsKtNt.Zs3] [N/A, ]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[PID: 3468 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\395788] [N/A, ]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\WINDOWS\system32\pehaclcj.dll] [N/A, ]
[C:\WINDOWS\system32\ieebhibb.dll] [N/A, ]
[C:\WINDOWS\system32\HBCHIBI.dll] [N/A, ]
[C:\WINDOWS\system32\fgfinafd.dll] [N/A, ]
[C:\WINDOWS\system32\jibgmeng.dll] [N/A, ]
[C:\WINDOWS\system32\lalnhdbf.dll] [N/A, ]
[C:\WINDOWS\system32\fojeijod.dll] [N/A, ]
[C:\WINDOWS\system32\kebfolip.dll] [N/A, ]
[C:\WINDOWS\system32\egiafooh.dll] [N/A, ]
[C:\WINDOWS\system32\japabadk.dll] [N/A, ]
[C:\WINDOWS\system32\fhgeogbg.dll] [N/A, ]
[C:\WINDOWS\system32\jeafojjf.dll] [N/A, ]
[C:\WINDOWS\system32\aalcjjpg.dll] [N/A, ]
[C:\WINDOWS\system32\cmahmoni.dll] [N/A, ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2004 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\457416] [N/A, ]
[C:\WINDOWS\system32\ieebhibb.dll] [N/A, ]
[C:\WINDOWS\system32\fgfinafd.dll] [N/A, ]
[C:\WINDOWS\system32\jibgmeng.dll] [N/A, ]
[C:\WINDOWS\system32\lalnhdbf.dll] [N/A, ]
[C:\WINDOWS\system32\fojeijod.dll] [N/A, ]
[C:\WINDOWS\system32\egiafooh.dll] [N/A, ]
[C:\WINDOWS\system32\fhgeogbg.dll] [N/A, ]
[C:\WINDOWS\system32\aalcjjpg.dll] [N/A, ]
[C:\WINDOWS\system32\cmahmoni.dll] [N/A, ]
[C:\WINDOWS\system32\dmdpggja.dll] [N/A, ]
[C:\WINDOWS\system32\cffhhleo.dll] [N/A, ]
[C:\WINDOWS\system32\bbnefkea.dll] [N/A, ]
[C:\WINDOWS\system32\bbijjojb.dll] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\UzsKtNt.Zs3] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WowInitcode.dat] [N/A, ]
[PID: 2392 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\ieebhibb.dll] [N/A, ]
[C:\WINDOWS\system32\HBCHIBI.dll] [N/A, ]
[C:\WINDOWS\system32\fgfinafd.dll] [N/A, ]
[C:\WINDOWS\system32\jibgmeng.dll] [N/A, ]
[C:\WINDOWS\system32\lalnhdbf.dll] [N/A, ]
[C:\WINDOWS\system32\fojeijod.dll] [N/A, ]
[C:\WINDOWS\system32\egiafooh.dll] [N/A, ]
[C:\WINDOWS\system32\fhgeogbg.dll] [N/A, ]
[C:\WINDOWS\system32\aalcjjpg.dll] [N/A, ]
[C:\WINDOWS\system32\cmahmoni.dll] [N/A, ]
[C:\WINDOWS\system32\dmdpggja.dll] [N/A, ]
[C:\WINDOWS\system32\cffhhleo.dll] [N/A, ]
[C:\WINDOWS\system32\bbnefkea.dll] [N/A, ]
[C:\WINDOWS\system32\dpkkacma.dll] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\UzsKtNt.Zs3] [N/A, ]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WowInitcode.dat] [N/A, ]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.3.0.0]
[PID: 2124 / Administrator][D:\个人资料管理\Administrator\桌面\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.7.0.1210]
[C:\WINDOWS\system32\cffhhleo.dll] [N/A, ]
[C:\WINDOWS\system32\fhgeogbg.dll] [N/A, ]
[C:\WINDOWS\system32\ieebhibb.dll] [N/A, ]
[C:\WINDOWS\system32\fgfinafd.dll] [N/A, ]
[C:\WINDOWS\system32\lalnhdbf.dll] [N/A, ]
[C:\WINDOWS\system32\aalcjjpg.dll] [N/A, ]
[C:\WINDOWS\system32\fojeijod.dll] [N/A, ]
[C:\WINDOWS\system32\jibgmeng.dll] [N/A, ]
[C:\WINDOWS\system32\dmdpggja.dll] [N/A, ]
[C:\WINDOWS\system32\egiafooh.dll] [N/A, ]
[C:\WINDOWS\system32\bbnefkea.dll] [N/A, ]
[C:\WINDOWS\system32\cmahmoni.dll] [N/A, ]
[C:\WINDOWS\system32\HBCHIBI.dll] [N/A, ]
[PID: 2468 / Administrator][D:\个人资料管理\Administrator\桌面\sreng2\SREf18ba150.EXE] [Smallfrogs Studio, 2.7.0.1210]
[C:\WINDOWS\system32\cffhhleo.dll] [N/A, ]
[C:\WINDOWS\system32\fhgeogbg.dll] [N/A, ]
[C:\WINDOWS\system32\ieebhibb.dll] [N/A, ]
[C:\WINDOWS\system32\fgfinafd.dll] [N/A, ]
[C:\WINDOWS\system32\lalnhdbf.dll] [N/A, ]
[C:\WINDOWS\system32\aalcjjpg.dll] [N/A, ]
[C:\WINDOWS\system32\fojeijod.dll] [N/A, ]
[C:\WINDOWS\system32\jibgmeng.dll] [N/A, ]
[C:\WINDOWS\system32\dmdpggja.dll] [N/A, ]
[C:\WINDOWS\system32\egiafooh.dll] [N/A, ]
[C:\WINDOWS\system32\bbnefkea.dll] [N/A, ]
[C:\WINDOWS\system32\cmahmoni.dll] [N/A, ]
[C:\WINDOWS\system32\HBCHIBI.dll] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\UzsKtNt.Zs3] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WowInitcode.dat] [N/A, ]
[D:\个人资料管理\Administrator\桌面\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[PID: 2796 / Administrator][C:\Program Files\Thunder\Program\Thunder5.exe] [Thunder Networking Technologies,LTD, 5.8.1.507]
[C:\Program Files\Thunder\Program\BugReport.dll] [Thunder Networking Technologies,LTD, 1, 4, 1, 20]
[C:\Program Files\Thunder\Program\ThunderEx.dll] [, 1, 2, 5, 24]
[C:\WINDOWS\system32\ieebhibb.dll] [N/A, ]
[C:\WINDOWS\system32\HBCHIBI.dll] [N/A, ]
[C:\WINDOWS\system32\fgfinafd.dll] [N/A, ]
[C:\WINDOWS\system32\jibgmeng.dll] [N/A, ]
[C:\WINDOWS\system32\lalnhdbf.dll] [N/A, ]
[C:\WINDOWS\system32\fojeijod.dll] [N/A, ]
[C:\WINDOWS\system32\egiafooh.dll] [N/A, ]
[C:\WINDOWS\system32\fhgeogbg.dll] [N/A, ]
[C:\WINDOWS\system32\aalcjjpg.dll] [N/A, ]
[C:\WINDOWS\system32\cmahmoni.dll] [N/A, ]
[C:\WINDOWS\system32\dmdpggja.dll] [N/A, ]
[C:\WINDOWS\system32\cffhhleo.dll] [N/A, ]
[C:\WINDOWS\system32\bbnefkea.dll] [N/A, ]
[C:\WINDOWS\system32\dpkkacma.dll] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\UzsKtNt.Zs3] [N/A, ]
[C:\Program Files\Thunder\Program\TaskManager.dll] [Thunder Networking Technologies,LTD, 1, 3, 6, 66]
[C:\Program Files\Thunder\Program\download_interface.dll] [Thunder Networking Technologies,LTD, 3, 1, 2, 311]
[C:\Program Files\Thunder\Program\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Thunder\Program\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Thunder\Program\asyn_frame.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 13]
[C:\Program Files\Thunder\Program\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[C:\Program Files\Thunder\Program\emule_id.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 7]
[C:\Program Files\Thunder\Program\backend_agent.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 17]
[C:\Program Files\Thunder\Program\ptl.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 18]
[C:\Program Files\Thunder\Program\xl_stat.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 3]
[C:\Program Files\Thunder\Program\fs.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 9]
[C:\Program Files\Thunder\Program\XLNet.Dll] [Thunder Networking Technologies,LTD, 1, 5, 1, 24]
[C:\Program Files\Thunder\Program\iTargetAD.dll] [N/A, ]
[C:\Program Files\Thunder\Program\BHOStub.dll] [Thunder Networking Technologies,LTD, 1, 1, 1, 10]
[C:\Program Files\Thunder\Components\DownAndPlay\DownAndPlay.dll] [, 1, 0, 12, 30]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WowInitcode.dat] [N/A, ]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Thunder\Program\p2sp.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 18]
[C:\Program Files\Thunder\Program\down_dispatcher.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 17]
[C:\Program Files\Thunder\Program\p2p.dll] [Thunder Networking Technologies,LTD, 1,1,2,24]
[C:\Program Files\Thunder\Program\xldc.dll] [Thunder Networking Technologies,LTD, 2, 6, 2, 12]
[C:\Program Files\Thunder\Program\stream.dll] [Thunder Networking Technologies,LTD, 2, 1, 2, 369]
[C:\Program Files\Thunder\Program\p2p_upload.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 8]
[C:\Program Files\Thunder\Program\p2p_local_res.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 8]
[C:\Program Files\Thunder\Program\al.dll] [Thunder Networking Technologies,LTD, 1,1,2,15]
[C:\Program Files\Thunder\Components\Community\XLCommunity.dll] [Thunder Networking Technologies,LTD, 2, 2, 0, 55]
[C:\Program Files\Thunder\Program\XLCommunityEx.dll] [N/A, ]
[C:\Program Files\Thunder\Program\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 17, 0, 67]
[C:\Program Files\Thunder\Program\MSVCIRT.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Thunder\Components\Security\ThunderSafe.dll] [深圳市迅雷网络技术有限公司, 2, 0, 0, 88]
[C:\Program Files\Thunder\Components\Security\ConfigManager.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 1]
[C:\Program Files\Thunder\Components\Security\SafeManager.dll] [深圳市迅雷网络技术有限公司, 1, 0, 2, 11]
[C:\Program Files\Thunder\Plugins\XLSafeHost\XLSafeHost.dll] [深圳市迅雷网络技术有限公司, 1, 1, 0, 65]
[C:\Program Files\Thunder\Program\XLNetU.Dll] [Thunder Networking Technologies,LTD, 1, 5, 1, 24]
[C:\Program Files\Thunder\Program\bt_download.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 12]
[C:\Program Files\Thunder\Program\emule.dll] [, 1, 1, 2, 12]
[C:\Program Files\Thunder\Components\Search\XLSearch.dll] [Thunder Networking Technologies,LTD, 1, 1, 6, 21]
[C:\Program Files\Thunder\Program\LiveUpdate.dll] [Thunder Networking Technologies,LTD, 1, 2, 3, 25]
[C:\Program Files\Thunder\Components\XLSoftBase\XLSoftwareBase.dll] [Thunder Networking Technologies,LTD, 1, 0, 1, 4]
[C:\Program Files\Thunder\Plugins\GouGouTop\GouGouTop.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 5]
[C:\Program Files\Thunder\Components\ExplorerHelper\ExplorerHelper.dll] [Thunder Networking Technologies,LTD, 1, 0, 4, 19]
[C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 4, 23]
[C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
[C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29]
[C:\Program Files\Thunder\Components\Tips\TipsClient.dll] [Thunder Networking Technologies,LTD, 2, 2, 12, 108]
[C:\Program Files\Thunder\Components\DownloadStat\DownloadStat.dll] [Thunder Networking Technologies,LTD, 1, 4, 1, 6]
[C:\Program Files\Thunder\Components\Tips\XLIPC.DLL] [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
[C:\Program Files\Thunder\Program\bd.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 17]



--------------------------------------------------------------------------------



文件关联

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]



--------------------------------------------------------------------------------



Winsock 提供者

NOD32 protected [MSAFD Tcpip [TCP/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [UDP/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [RAW/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP UDP Service Provider]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP TCP Service Provider]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)



--------------------------------------------------------------------------------



Autorun.inf

N/A



--------------------------------------------------------------------------------



HOSTS 文件




--------------------------------------------------------------------------------



进程特权扫描

特殊特权被允许: SeSystemtimePrivilege [PID = 2024, C:\WINDOWS\SYSTEM32\SYSTEM.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2024, C:\WINDOWS\SYSTEM32\SYSTEM.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2024, C:\WINDOWS\SYSTEM32\SYSTEM.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 2032, C:\PROGRAM FILES\ESET\NOD32KUI.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2032, C:\PROGRAM FILES\ESET\NOD32KUI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2032, C:\PROGRAM FILES\ESET\NOD32KUI.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 2040, C:\WINDOWS\SYSTEM32\CTFMON.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2040, C:\WINDOWS\SYSTEM32\CTFMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2040, C:\WINDOWS\SYSTEM32\CTFMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1100, C:\PROGRAM FILES\INTERNET EXPLORER\UNXXZUN.ZMP]
特殊特权被允许: SeSystemtimePrivilege [PID = 3692, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\141270]
特殊特权被允许: SeDebugPrivilege [PID = 3692, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\141270]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3692, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\141270]
特殊特权被允许: SeSystemtimePrivilege [PID = 3468, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\395788]
特殊特权被允许: SeDebugPrivilege [PID = 3468, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\395788]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3468, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\395788]
特殊特权被允许: SeSystemtimePrivilege [PID = 2004, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\457416]
特殊特权被允许: SeDebugPrivilege [PID = 2004, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\457416]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2004, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\457416]
特殊特权被允许: SeSystemtimePrivilege [PID = 2124, D:\个人资料管理\ADMINISTRATOR\桌面\SRENG2\SRENGLDR.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2124, D:\个人资料管理\ADMINISTRATOR\桌面\SRENG2\SRENGLDR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2124, D:\个人资料管理\ADMINISTRATOR\桌面\SRENG2\SRENGLDR.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 2796, C:\PROGRAM FILES\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2796, C:\PROGRAM FILES\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2796, C:\PROGRAM FILES\THUNDER\PROGRAM\THUNDER5.EXE]



--------------------------------------------------------------------------------



计划任务

N/A



--------------------------------------------------------------------------------



API HOOK

入口点错误:FreeLibrary (危险等级: 高, 被下面模块所HOOK: 0x5F00002D)



--------------------------------------------------------------------------------



隐藏进程

N/A



--------------------------------------------------------------------------------
Author: 8dacc    Time: 2009-1-17 22:50
Does this count as a scan report?



