史萊姆論壇 (Slime Forum)

2007-07-01, 01:57 AM   #1
arratw

Help - computer infected with trojan-psw.win32, may I provide the SRE log?

Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<CJIMETIPSYNC><C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync> [(Verified)Microsoft Corporation]
<PHIMETIPSYNC><C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync> [(Verified)Microsoft Corporation]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Publisher]
<nwiz><nwiz.exe /install> []
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Publisher]
<MSNShell><C:\Program Files\msnshell\msnshell.exe autorun> [N/A]
<REGSHAVE><C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN> [FUJI PHOTO FILM CO., LTD.]
<CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32> [(Verified)"INTER CHINA NETWORK SOFTWARE (BEIJING) CO., LTD."]
<AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
<MSNDreyePlugin><D:\Program Files\Inventec\Dreye\DreyeMT\msnplugin.exe /h> []
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<helper.dll><C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32> []
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
<iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe"> [(Verified)"Apple Computer, Inc."]
<mnsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mnso.exe> [N/A]
<fzg><C:\WINDOWS\Config\svhost32.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{3EA18648-FAF6-490D-9C92-8FD729028A58}><> [N/A]
<{56F9679E-7826-4C84-81F3-532071A8BCC5}><C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll> [Microsoft Corporation]
<{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\DOWNLO~1\cnshook.dll> [(Verified)"INTER CHINA NETWORK SOFTWARE (BEIJING) CO., LTD."]
<{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<iKeyWorks><; C:\PROGRA~1\Win2\Keyboard\Ikeymain.exe> [A4Tech Co.,Ltd.]
<iTunesHelper><; "C:\Program Files\iTunes\iTunesHelper.exe"> [(Verified)"Apple Computer, Inc."]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MsnMsgr><; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation]
<updateMgr><; "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1> [N/A]

==================================
Startup Folders
N/A

==================================
Services
[ArcGIS License Manager / ArcGIS License Manager][Running/Auto Start]
<C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe><N/A>
[Kaspersky Anti-Virus 6.0 / AVP][Running/Auto Start]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[BlueSoleil Hid Service / BlueSoleil Hid Service][Running/Auto Start]
<C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe><N/A>
[Google Updater Service / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[iPod Service / iPod Service][Running/Manual Start]
<"C:\Program Files\iPod\bin\iPodService.exe"><Apple Computer, Inc.>
[Microsoft Security Manager Center / MscnMgr][Running/Auto Start]
<C:\WINDOWS\system32\wbem\svchost.exe><Microsoft Corporation>
[Nakido / Nakido][Running/Auto Start]
<C:\Program Files\Nakido\nakido.exe><Nakido>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[PDEngine / PDEngine][Stopped/Manual Start]
<"C:\Program Files\Raxco\PerfectDisk\PDEngine.exe"><Raxco Software, Inc.>
[PDScheduler / PDSched][Running/Auto Start]
<"C:\Program Files\Raxco\PerfectDisk\PDSched.exe"><Raxco Software, Inc.>
[SolidPDFConverterReadSpool / ScReadSpool][Running/Auto Start]
<C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe><VoyagerSoft, LLC>
[Windows Time / W32Time][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\Windows\System32\WXPTime.dll><N/A>

==================================
Drivers
[a347bus / a347bus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\a347bus.sys><>
[a347scsi / a347scsi][Running/Boot Start]
<\SystemRoot\System32\Drivers\a347scsi.sys><>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Bluetooth Audio Service / BlueletAudio][Running/Manual Start]
<system32\DRIVERS\blueletaudio.sys><IVT Corporation>
[Bluetooth PAN Network Adapter / BT][Stopped/Manual Start]
<system32\DRIVERS\btnetdrv.sys><IVT Corporation>
[Bluetooth USB For Bluetooth Service / Btcsrusb][Stopped/Manual Start]
<System32\Drivers\btcusb.sys><IVT Corporation>
[Bluetooth HID Enumerator / BTHidEnum][Running/Manual Start]
<system32\DRIVERS\vbtenum.sys><N/A>
[Bluetooth HID Manager Service / BTHidMgr][Running/Boot Start]
<\SystemRoot\System32\Drivers\BTHidMgr.sys><IVT Corporation>
[CnsMinKP / CnsMinKP][Running/Boot Start]
<\SystemRoot\system32\drivers\CnsMinKP.sys><??因特?件(北京)有限公司>
[CnsStd / CnsStd][Running/Auto Start]
<\SystemRoot\System32\drivers\CnsStd.sys><北京三七二一科技有限公司>
[dump_wmimmc / dump_wmimmc][Stopped/Manual Start]
<2 - 系統找不到指定的檔案。
><N/A>
[GEARAspiWDM / GEARAspiWDM][Running/Manual Start]
<System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[KLIF / KLIF][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[mbmbpco / mbmbpco][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\mbmbpco.sys><N/A>
[StarForce Protection Environment Driver v6 / prodrv06][Running/System Start]
<\SystemRoot\System32\drivers\prodrv06.sys><StarForce Technologies, Inc.>
[StarForce Protection Helper Driver v2 / prohlp02][Running/Boot Start]
<\SystemRoot\System32\drivers\prohlp02.sys><StarForce Technologies, Inc.>
[StarForce Protection Synchronization Driver v1 / prosync1][Running/Boot Start]
<\SystemRoot\System32\drivers\prosync1.sys><StarForce Technologies, Inc.>
[直接平行連接埠連結驅動程式 / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\PxHelp20.sys><Sonic Solutions>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[Sentinel / Sentinel][Running/Auto Start]
<\SystemRoot\System32\Drivers\SENTINEL.SYS><Rainbow Technologies, Inc.>
[StarForce Protection Helper Driver / sfhlp01][Running/Boot Start]
<\SystemRoot\System32\drivers\sfhlp01.sys><StarForce Technologies, Inc.>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
<system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[Virtual Serial port driver / VComm][Running/Manual Start]
<system32\DRIVERS\VComm.sys><IVT Corporation>
[Bluetooth VComm Manager Service / VcommMgr][Running/Manual Start]
<System32\Drivers\VcommMgr.sys><IVT Corporation>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[世界標準電傳轉碼器 / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[XDva007 / XDva007][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\XDva007.sys><N/A>
[XDva008 / XDva008][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\XDva008.sys><N/A>
[XTrapD12 / XTrapD12][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\XTrapD12.sys><N/A>
[aevjn / aevjn][Running/]
<2 - 系統找不到指定的檔案。
><N/A>
[R2A / R2A][Stopped/Disabled]
<\??\C:\WINDOWS\system32a2.sys><N/A>

==================================
Browser Add-ons
[Octh Class]
{000123B4-9B42-4900-B3F7-F4B073EFC214} <C:\Program Files\Orbitdownloader\orbitcth.dll, Orbitdownloader.com>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Solid Converter PDF]
{259F616C-A300-44F5-B04A-ED001A26C85C} <C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll, VoyagerSoft, LLC>
[IeCatch5 Class]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\PROGRA~1\FlashGet\jccatch.dll, FlashGet>
[dsWebAllowBHO Class]
{2F85D76C-0569-466F-A488-493E6BD0E955} <C:\Program Files\Windows Desktop Search\dsWebAllow.dll, Microsoft Corporation>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[NTIECatcher Class]
{C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\cnshook.dll, ??因特?件(北京)有限公司>
[超級兔子上網精靈]
{FEDF637B-F631-4583-A210-33CC828D42DB} <C:\DOCUME~1\ADMINI~1\桌面\超級魔~1.95\magicset\HAOKAN~2.DLL, N/A>
[Yahoo 1G電郵]
{507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm...&btn=yahoomail, N/A>
[尋寶樂趣多]
{59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfc...allyesPara=816, N/A>
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm...ns&btn=yassist, N/A>
[]
{6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm...s&btn=yahoomsg, N/A>
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=repair, N/A>
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm...=cns&btn=clean, N/A>
[ALiBaBar]
{0A1375E1-56C2-11D6-8E45-8933A0FB5235} <C:\PROGRA~1\ALiBaBar\ALiBaBar.dll, Alfred, C. S. Li>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[Dr.eye WebPage Translation]
{92B255FE-94E2-4BCA-958D-3926CE38913F} <D:\Program Files\Inventec\Dreye\DreyeMT\DreyeIEBar.dll, >
[Solid Converter PDF]
{259F616C-A300-44F5-B04A-ED001A26C85C} <C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll, VoyagerSoft, LLC>
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[超級兔子上網精靈]
{FEDF637B-F631-4583-A210-33CC828D42DB} <C:\DOCUME~1\ADMINI~1\桌面\超級魔~1.95\magicset\HAOKAN~2.DLL, N/A>
[Octh Class]
{000123B4-9B42-4900-B3F7-F4B073EFC214} <C:\Program Files\Orbitdownloader\orbitcth.dll, Orbitdownloader.com>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Solid Converter PDF]
{259F616C-A300-44F5-B04A-ED001A26C85C} <C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll, VoyagerSoft, LLC>
[IeCatch5 Class]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\PROGRA~1\FlashGet\jccatch.dll, FlashGet>
[dsWebAllowBHO Class]
{2F85D76C-0569-466F-A488-493E6BD0E955} <C:\Program Files\Windows Desktop Search\dsWebAllow.dll, Microsoft Corporation>
[Windows Desktop Search Combo Control]
{4E430174-1673-4FF3-BF28-A3B37F6573E7} <C:\Program Files\Windows Desktop Search\wdsShell.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[NTIECatcher Class]
{C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\cnshook.dll, ??因特?件(北京)有限公司>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[超級兔子上網精靈]
{FEDF637B-F631-4583-A210-33CC828D42DB} <C:\DOCUME~1\ADMINI~1\桌面\超級魔~1.95\magicset\HAOKAN~2.DLL, N/A>
[&Download by Orbit]
<res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201, N/A>
[&Grab video by Orbit]
<res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204, N/A>
[Do&wnload selected by Orbit]
<res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203, N/A>
[Down&load all by Orbit]
<res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202, N/A>
[Foxy 下載]
<res://C:\Program Files\Foxy\Foxy.exe/download.htm, N/A>
[Foxy 搜尋]
<res://C:\Program Files\Foxy\Foxy.exe/search.htm, N/A>
[使用 FlashGet 下載]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[全部使用 FlashGet 下載]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[匯出至 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>



There's more.
2007-07-01, 01:57 AM   #2
arratw

==================================
Running Processes
[PID: 636][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 708][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1432][c:\windows\installer\services.exe] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ymfmn4.dll] [N/A, ]
[C:\WINDOWS\system32\msdll.dll] [N/A, ]
[D:\Program Files\Inventec\Dreye\DreyeMT\msnhook.dll] [, 1, 0, 0, 1]
[D:\Program Files\Inventec\Dreye\DreyeMT\DreyeMT.dll] [N/A, ]
[PID: 1468][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msdll.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [??因特?件(北京)有限公司, 2.5.1.0]
[D:\Program Files\Inventec\Dreye\DreyeMT\msnhook.dll] [, 1, 0, 0, 1]
[D:\Program Files\Inventec\Dreye\DreyeMT\DreyeMT.dll] [N/A, ]
[C:\Program Files\msnshell\msnshell.dll] [MagicShell, 3.1.0.531]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[C:\PROGRA~1\3721\alrex.dll] [, 2.5.0.1002]
[C:\WINDOWS\DOWNLO~1\cnshook.dll] [??因特?件(北京)有限公司, 2.5.1.6]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mnso1.dll] [N/A, ]
[C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll] [Microsoft Corporation, 02.06.5000.5378 (winmain(wmbla).060313-1257)]
[C:\Program Files\Common Files\ESRI\esriShellExt.dll] [ESRI , 9.0]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.8195]
[C:\WINDOWS\system32\NVRSZHT.DLL] [NVIDIA Corporation, 6.14.10.8195]
[C:\WINDOWS\system32\nvshell.dll] [, ]
[C:\Program Files\Common Files\Adobe\Shell\PSICON.DLL] [Adobe Systems, Incorporated, 7.0]
[C:\PROGRA~1\3721\autolive.dll] [, 2, 5, 3, 1007]
[C:\PROGRA~1\3721\alLiveEx.dll] [ , 1, 0, 3, 1006]
[C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll] [VoyagerSoft, LLC, 3.1.430.0]
[C:\PROGRA~1\FlashGet\jccatch.dll] [FlashGet, 1, 1, 5, 0]
[C:\Program Files\Windows Desktop Search\MSNLQP.dll] [Microsoft Corporation, 02.06.5000.5378 (winmain(wmbla).060313-1257)]
[C:\Program Files\Windows Desktop Search\tquery.dll] [Microsoft Corporation, 02.06.5000.5378 (winmain(wmbla).060313-1257)]
[C:\Program Files\Windows Desktop Search\msstrc.dll] [Microsoft Corporation, 02.06.5000.5378 (winmain(wmbla).060313-1257)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.1.411]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll] [Kaspersky Lab, 6.0.1.411]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.1.411]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.1.411]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.1.411]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.1.411]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.1.411]
[C:\WINDOWS\system32\dfshim.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll] [Kaspersky Lab, 6.0.1.411]
[C:\Documents and Settings\Administrator\Application Data\Foxy\LinkMaker.dll] [, 1, 1, 1, 0]
[PID: 1852][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5, 1, 0, 45]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [??因特?件(北京)有限公司, 2.5.1.0]
[D:\Program Files\Inventec\Dreye\DreyeMT\msnhook.dll] [, 1, 0, 0, 1]
[D:\Program Files\Inventec\Dreye\DreyeMT\DreyeMT.dll] [N/A, ]
[C:\WINDOWS\system32\msdll.dll] [N/A, ]
[C:\Program Files\msnshell\msnshell.dll] [MagicShell, 3.1.0.531]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[PID: 1860][C:\Program Files\msnshell\msnshell.exe] [, 3.1.0.531]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [??因特?件(北京)有限公司, 2.5.1.0]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[C:\Program Files\msnshell\msnshell.dll] [MagicShell, 3.1.0.531]
[D:\Program Files\Inventec\Dreye\DreyeMT\msnhook.dll] [, 1, 0, 0, 1]
[D:\Program Files\Inventec\Dreye\DreyeMT\DreyeMT.dll] [N/A, ]
[C:\WINDOWS\system32\msdll.dll] [N/A, ]
[PID: 1884][C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe] [Kaspersky Lab, 6.0.1.411]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll] [Kaspersky Lab, 6.0.1.411]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [??因特?件(北京)有限公司, 2.5.1.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\AVPGS.PPL] [Kaspersky Lab, 6.0.1.411]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.1.411]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.1.411]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.1.411]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.1.411]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\winreg.ppl] [Kaspersky Lab, 6.0.1.411]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avpgui.ppl] [Kaspersky Lab, 6.0.1.411]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.1.411]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.1.411]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\basegui.ppl] [Kaspersky Lab, 6.0.1.411]
[C:\Program Files\msnshell\msnshell.dll] [MagicShell, 3.1.0.531]
[D:\Program Files\Inventec\Dreye\DreyeMT\msnhook.dll] [, 1, 0, 0, 1]
[D:\Program Files\Inventec\Dreye\DreyeMT\DreyeMT.dll] [N/A, ]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\thpimpl.ppl] [Kaspersky Lab, 6.0.1.411]
[C:\WINDOWS\system32\msdll.dll] [N/A, ]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\qb.ppl] [Kaspersky Lab, 6.0.1.411]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mnso1.dll] [N/A, ]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\report.ppl] [Kaspersky Lab, 6.0.1.411]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\prutil.ppl] [Kaspersky Lab, 6.0.1.411]
[PID: 1892][D:\Program Files\Inventec\Dreye\DreyeMT\msnplugin.exe] [, 1, 0, 0, 1]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [??因特?件(北京)有限公司, 2.5.1.0]
[D:\Program Files\Inventec\Dreye\DreyeMT\msnhook.dll] [, 1, 0, 0, 1]
[D:\Program Files\Inventec\Dreye\DreyeMT\DreyeMT.dll] [N/A, ]
[C:\WINDOWS\system32\msdll.dll] [N/A, ]
[C:\Program Files\msnshell\msnshell.dll] [MagicShell, 3.1.0.531]
[PID: 1900][C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.10.6]
[C:\Program Files\Java\jre1.6.0_01\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [??因特?件(北京)有限公司, 2.5.1.0]
[PID: 1908][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [??因特?件(北京)有限公司, 2.5.1.0]
[C:\PROGRA~1\3721\autolive.dll] [, 2, 5, 3, 1007]
[C:\PROGRA~1\3721\notifier.dll] [, 2.5.0.1002]
[C:\PROGRA~1\3721\alLiveEx.dll] [ , 1, 0, 3, 1006]
[D:\Program Files\Inventec\Dreye\DreyeMT\msnhook.dll] [, 1, 0, 0, 1]
[D:\Program Files\Inventec\Dreye\DreyeMT\DreyeMT.dll] [N/A, ]
[C:\WINDOWS\system32\msdll.dll] [N/A, ]
[C:\Program Files\msnshell\msnshell.dll] [MagicShell, 3.1.0.531]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[PID: 1924][C:\Program Files\iTunes\iTunesHelper.exe] [Apple Computer, Inc., 7.0.2.16]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [??因特?件(北京)有限公司, 2.5.1.0]
[C:\Program Files\iTunes\iTunesHelper.Resources\zh_TW.lproj\iTunesHelperLocalized.DLL] [Apple Computer, Inc., 7.0.2.1]
[C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL] [Apple Computer, Inc., 7.0.2.16]
[D:\Program Files\Inventec\Dreye\DreyeMT\msnhook.dll] [, 1, 0, 0, 1]
[D:\Program Files\Inventec\Dreye\DreyeMT\DreyeMT.dll] [N/A, ]
[C:\WINDOWS\system32\msdll.dll] [N/A, ]
[PID: 3192][C:\WINDOWS\system32\CTFMON.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\Inventec\Dreye\DreyeMT\msnhook.dll] [, 1, 0, 0, 1]
[D:\Program Files\Inventec\Dreye\DreyeMT\DreyeMT.dll] [N/A, ]
[C:\Program Files\msnshell\msnshell.dll] [MagicShell, 3.1.0.531]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [??因特?件(北京)有限公司, 2.5.1.0]
[C:\WINDOWS\system32\msdll.dll] [N/A, ]
[PID: 264][C:\Program Files\KKman\KKMAN.exe] [, 1, 0, 0, 1]
[C:\Program Files\msnshell\msnshell.dll] [MagicShell, 3.1.0.531]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [??因特?件(北京)有限公司, 2.5.1.0]
[D:\Program Files\Inventec\Dreye\DreyeMT\msnhook.dll] [, 1, 0, 0, 1]
[D:\Program Files\Inventec\Dreye\DreyeMT\DreyeMT.dll] [N/A, ]
[C:\WINDOWS\system32\msdll.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mnso1.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.1.411]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll] [Kaspersky Lab, 6.0.1.411]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.1.411]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.1.411]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.1.411]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.1.411]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.1.411]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\system32\msxml4.dll] [Microsoft Corporation, 4.20.9841.0]
[C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx] [Adobe Systems, Inc., 9,0,45,0]
[C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll] [TODO: <Company name>, 1.0.0.1]
[C:\Program Files\Yahoo!\Messenger\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\Macromed\Common\SwSupport.dll] [Macromedia, Inc., 10.1r11]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\ffdshow.ax] [, 1, 0, 0, 1]
[C:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll] [Gabest, 1, 0, 0, 9]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [??因特?件(北京)有限公司, 2.5.1.0]
[C:\Program Files\msnshell\msnshell.dll] [MagicShell, 3.1.0.531]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[D:\Program Files\Inventec\Dreye\DreyeMT\msnhook.dll] [, 1, 0, 0, 1]
[D:\Program Files\Inventec\Dreye\DreyeMT\DreyeMT.dll] [N/A, ]
[C:\Program Files\Orbitdownloader\download.dll] [Orbitdownloader.com, 2, 0, 0, 1]
[C:\WINDOWS\system32\msdll.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mnso1.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]
[C:\Program Files\Orbitdownloader\winfile.dll] [orbitdownloader.com, 1, 0, 0, 1]
[C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll] [Microsoft Corporation, 02.06.5000.5378 (winmain(wmbla).060313-1257)]
[C:\WINDOWS\DOWNLO~1\cnshook.dll] [??因特?件(北京)有限公司, 2.5.1.6]
[PID: 1212][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [??因特?件(北京)有限公司, 2.5.1.0]
[C:\Program Files\msnshell\msnshell.dll] [MagicShell, 3.1.0.531]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[C:\PROGRA~1\3721\alrex.dll] [, 2.5.0.1002]
[D:\Program Files\Inventec\Dreye\DreyeMT\msnhook.dll] [, 1, 0, 0, 1]
[D:\Program Files\Inventec\Dreye\DreyeMT\DreyeMT.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]
[C:\PROGRA~1\3721\autolive.dll] [, 2, 5, 3, 1007]
[C:\PROGRA~1\3721\alLiveEx.dll] [ , 1, 0, 3, 1006]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.7.2006011200]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll] [VoyagerSoft, LLC, 3.1.430.0]
[C:\PROGRA~1\FlashGet\jccatch.dll] [FlashGet, 1, 1, 5, 0]
[C:\WINDOWS\system32\msdll.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mnso1.dll] [N/A, ]
[C:\Program Files\Common Files\ESRI\esriShellExt.dll] [ESRI , 9.0]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.8195]
[C:\WINDOWS\system32\NVRSZHT.DLL] [NVIDIA Corporation, 6.14.10.8195]
[C:\WINDOWS\system32\nvshell.dll] [, ]
[C:\WINDOWS\DOWNLO~1\CnsMinIO.dll] [??因特?件(北京)有限公司, 2.5.0.5]
[C:\WINDOWS\DOWNLO~1\cnsio.dll] [??因特?件(北京)有限公司, 2.5.0.4]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll] [Kaspersky Lab, 6.0.1.411]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Documents and Settings\Administrator\Application Data\Foxy\LinkMaker.dll] [, 1, 1, 1, 0]
[C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll] [Microsoft Corporation, 02.06.5000.5378 (winmain(wmbla).060313-1257)]
[PID: 3364][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [??因特?件(北京)有限公司, 2.5.1.0]
[C:\Program Files\msnshell\msnshell.dll] [MagicShell, 3.1.0.531]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[D:\Program Files\Inventec\Dreye\DreyeMT\msnhook.dll] [, 1, 0, 0, 1]
[D:\Program Files\Inventec\Dreye\DreyeMT\DreyeMT.dll] [N/A, ]
[C:\WINDOWS\system32\msdll.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mnso1.dll] [N/A, ]
[PID: 3992][C:\Downloads\sreng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [??因特?件(北京)有限公司, 2.5.1.0]
[C:\Program Files\msnshell\msnshell.dll] [MagicShell, 3.1.0.531]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[D:\Program Files\Inventec\Dreye\DreyeMT\msnhook.dll] [, 1, 0, 0, 1]
[D:\Program Files\Inventec\Dreye\DreyeMT\DreyeMT.dll] [N/A, ]
[C:\WINDOWS\system32\msdll.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mnso1.dll] [N/A, ]
[C:\Downloads\sreng2\Plugins\NWMON.SRE] [Smallfrogs Studio, 1, 0, 0, 8]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
API HOOK
RVA Error: LoadLibraryA (Dangerous Level: Generic, Hooked by Module: Dest Addr: 0xF5528B25)
RVA Error: LoadLibraryExA (Dangerous Level: Generic, Hooked by Module: Dest Addr: 0xF5528D67)
RVA Error: LoadLibraryExW (Dangerous Level: Generic, Hooked by Module: Dest Addr: 0xF5528F0B)
RVA Error: LoadLibraryW (Dangerous Level: Generic, Hooked by Module: Dest Addr: 0xF5528C49)
RVA Error: GetProcAddress (Dangerous Level: High, Hooked by Module: Dest Addr: 0xF5528E8F)

==================================



That's a lot. Is the infection too deep?
2007-07-01, 02:58 AM   #3
plunderer

You've got 3721...

In Boot Items, delete the following entries:

Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32

{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\DOWNLO~1\cnshook.dll

[CnsMinKP / CnsMinKP][Running/Boot Start]
<\SystemRoot\system32\drivers\CnsMinKP.sys><??因特?件(北京)有限公司>

[CnsStd / CnsStd][Running/Auto Start]
<\SystemRoot\System32\drivers\CnsStd.sys><北京三七二一科技有限公司>

[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\cnshook.dll, ??因特?件(北京)有限公司>

After rebooting, log in to Windows in safe mode, then uninstall 3721 or delete these two directories:
C:\PROGRA~1\3721
C:\WINDOWS\DOWNLO~1

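P.S.
The SREng log is detailed, but HijackThis is more convenient to operate and makes problems easier to spot.
After carrying out the steps above, it is best to scan once more with HijackThis.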