huangligang
新手上路
积分 20
发帖 20
注册 2009-5-4
|
#1 试用版 主页被改成www.ff2000.com
我在公司的一台机器上使用试用版时,
下载一个软件安装之后主页就被改了,
我锁定主页也不起作用,
只要我重启IE就又回到www.ff2000.com,
但是用微点看里面主页是我自己设置的那个主页,
请问这是为什么呢?
| |
※ ※ ※ 本文纯属【huangligang】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
 |
|
2009-5-25 16:15 |
|
huangligang
新手上路
积分 20
发帖 20
注册 2009-5-4
|
#2
可不可以给我一个解决方法啊?
版主大大?
我在线等……
| |
※ ※ ※ 本文纯属【huangligang】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
|
|
|
2009-5-25 16:18 |
|
huangligang
新手上路
积分 20
发帖 20
注册 2009-5-4
|
#3
好可怕啊,
要是这样,
中个什么别的木马,
会不会也不报错啊?
| |
※ ※ ※ 本文纯属【huangligang】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
|
|
|
2009-5-25 16:20 |
|
Legend
超级版主
超级版主
积分 77171
发帖 70170
注册 2005-10-29
|
|
|
2009-5-25 16:24 |
|
huangligang
新手上路
积分 20
发帖 20
注册 2009-5-4
|
#5
2009-05-25,16:30:45
System Repair Engineer 2.7.1.1261
Smallfrogs ([url]http://www.KZTechs.com)[/url]
Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
计划任务
API HOOK
隐藏进程
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<WebCheck><C:\WINDOWS\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
<WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media
| |
※ ※ ※ 本文纯属【huangligang】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
|
|
|
2009-5-25 16:37 |
|
huangligang
新手上路
积分 20
发帖 20
注册 2009-5-4
|
#6
Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings> [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\system32\bubbles.scr> [Microsoft Corporation]
==================================
启动文件夹
N/A
==================================
服务
[Contrl Center of Storm Media / ccosm][Stopped/Disabled]
<C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[MPSVC Service / MPSVCService][Running/Auto Start]
<d:\Program Files\Micropoint\MPSVC.exe><Micropoint Corporation>
==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Stopped/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start]
<system32\drivers\es1371mp.sys><Creative Technology Ltd.>
[Microsoft HID Class Driver / HidUsb][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\hidusb.sys><Microsoft Corporation>
[Intel AHCI Controller / iaStor7][Running/Boot Start]
<\SystemRoot\system32\drivers\iastor7.sys><Intel Corporation>
[Keyboard HID Driver / kbdhid][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\kbdhid.sys><Microsoft Corporation>
[mp110001 / mp110001][Running/Auto Start]
<system32\drivers\mp110001.sys><Micropoint Corporation>
[mp110002 / mp110002][Running/Auto Start]
<system32\drivers\mp110002.sys><Micropoint Corporation>
[mp110003 / mp110003][Running/Boot Start]
<\SystemRoot\system32\drivers\mp110003.sys><Micropoint Corporation>
[mp110004 / mp110004][Running/Auto Start]
<system32\drivers\mp110004.sys><Micropoint Corporation>
[mp110005 / mp110005][Running/Manual Start]
<system32\drivers\mp110005.sys><Micropoint Corporation>
[mp110006 / mp110006][Running/System Start]
<system32\drivers\mp110006.sys><Micropoint Corporation>
[mp110007 / mp110007][Running/System Start]
<system32\drivers\mp110007.sys><Micropoint Corporation>
[mp110008 / mp110008][Running/Auto Start]
<system32\drivers\mp110008.sys><Micropoint Corporation>
[mp110009 / mp110009][Running/System Start]
<system32\drivers\mp110009.sys><Micropoint Corporation>
[mp110010 / mp110010][Running/Boot Start]
| |
※ ※ ※ 本文纯属【huangligang】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
|
|
|
2009-5-25 16:38 |
|
huangligang
新手上路
积分 20
发帖 20
注册 2009-5-4
|
#7
<\SystemRoot\system32\drivers\mp110010.sys><Micropoint Corporation>
[mp110011 / mp110011][Running/System Start]
<system32\drivers\mp110011.sys><Micropoint Corporation>
[mp110013 / mp110013][Running/Boot Start]
<\SystemRoot\system32\drivers\mp110013.sys><Micropoint Corporation>
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]
<system32\DRIVERS\pcntpci5.sys><AMD Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[S3G700 / S3G700][Running/Manual Start]
<system32\DRIVERS\S3G700m.sys><S3 Graphics Co., Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SATALink driver accelerator / SiFilter][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC][Stopped/Manual Start]
<system32\DRIVERS\sisnic.sys><SiS Corporation>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys><N/A>
[Microsoft USB Generic Parent Driver / usbccgp][Stopped/Manual Start]
<system32\DRIVERS\usbccgp.sys><Microsoft Corporation>
[viamraid / viamraid][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
==================================
浏览器加载项
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Adobe PDF Link Helper]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, (Signed) Microsoft Corporation>
[Adobe PDF Link Helper]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
{693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, (Signed) Microsoft Corporation>
[Thunder DapCtrl]
{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\DapCtrl1.5.578.28.703.dll, ShenZhen Thunder Networking Technologies Ltd.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[]
{E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Thunder DapPlayer]
{EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder\Components\DownAndPlay\DapPlayer3.0.578.69.703.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, (Signed) Thunder>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[使用迅雷下载]
| |
※ ※ ※ 本文纯属【huangligang】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
|
|
|
2009-5-25 16:38 |
|
huangligang
新手上路
积分 20
发帖 20
注册 2009-5-4
|
#8
<C:\Program Files\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
<C:\Program Files\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<, >
==================================
正在运行的进程
[PID: 444][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 500][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 524][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[d:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 568][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
[d:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 580][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[d:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[PID: 740][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[d:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[PID: 976][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[d:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[PID: 1196][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[d:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[C:\WINDOWS\System32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1468][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[d:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[PID: 1484][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[d:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[PID: 276][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[d:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 9.1.0.2009022700]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS] [, ]
[C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29]
[C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
[PID: 1636][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[d:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[PID: 708][C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE] [Microsoft Corporation, 11.0.5612]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[d:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[C:\Program Files\Microsoft Office\OFFICE11\GdiPlus.DLL] [Microsoft Corporation, 6.0.3260.0]
[C:\Program Files\Common Files\Microsoft Shared\office11\riched20.dll] [Microsoft Corporation, 5.50.30.2002]
[PID: 368][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1776][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 7.00.6000.16827 (vista_gdr.090226-1506)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[d:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll] [Adobe Systems Incorporated, 9.1.0.2009022700]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 9.1.0.2009022700]
[C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
[C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx] [Adobe Systems, Inc., 10,0,22,87]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 4, 23]
[PID: 348][C:\Program Files\Thunder\Program\Thunder5.exe] [Thunder Networking Technologies,LTD, 5.7.9.472]
| |
※ ※ ※ 本文纯属【huangligang】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
|
|
|
2009-5-25 16:39 |
|
huangligang
新手上路
积分 20
发帖 20
注册 2009-5-4
|
#9
[C:\Program Files\Thunder\Program\BugReport.dll] [Thunder Networking Technologies,LTD, 1, 2, 0, 15]
[C:\Program Files\Thunder\Program\ThunderEx.dll] [, 1, 2, 4, 21]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\Thunder\Program\TaskManager.dll] [Thunder Networking Technologies,LTD, 1, 3, 4, 62]
[C:\Program Files\Thunder\Program\download_interface.dll] [Thunder Networking Technologies,LTD, 3, 0, 2, 307]
[C:\Program Files\Thunder\Program\stlport_vc646.dll] [STLport Consulting, Inc., 4.6.2003.1031]
[d:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[C:\Program Files\Thunder\Program\asyn_frame.dll] [, 1, 0, 2, 7]
[C:\Program Files\Thunder\Program\backend_agent.dll] [, 1, 0, 2, 11]
[C:\Program Files\Thunder\Program\ptl.dll] [Thunder Networking Technologies, LTD, 1, 0, 2, 12]
[C:\Program Files\Thunder\Program\p2p_upload.dll] [, 1, 0, 2, 7]
[C:\Program Files\Thunder\Program\fs.dll] [, 1, 0, 2, 7]
[C:\Program Files\Thunder\Program\p2p.dll] [, 1, 0, 2, 12]
[C:\Program Files\Thunder\Program\p2p_local_res.dll] [, 1, 0, 2, 7]
[C:\Program Files\Thunder\Program\p2sp.dll] [, 1, 0, 2, 13]
[C:\Program Files\Thunder\Program\down_dispatcher.dll] [, 1, 0, 2, 12]
[C:\Program Files\Thunder\Program\xldc.dll] [Thunder Networking Technologies,LTD, 1, 5, 2, 9]
[C:\Program Files\Thunder\Program\bd.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 16]
[C:\Program Files\Thunder\Program\stream.dll] [, 2, 0, 2, 308]
[C:\Program Files\Thunder\Program\al.dll] [, 1, 1, 2, 9]
[C:\Program Files\Thunder\Program\emule_id.dll] [, 1, 0, 2, 6]
[C:\Program Files\Thunder\Program\XLNet.Dll] [Thunder Networking Technologies,LTD, 1, 4, 5, 21]
[C:\Program Files\Thunder\Program\BHOStub.dll] [Thunder Networking Technologies,LTD, 1, 1, 1, 10]
[C:\Program Files\Thunder\Components\DownAndPlay\DownAndPlay.dll] [, 1, 0, 8, 26]
[C:\Program Files\Thunder\Program\iTargetAD.dll] [N/A, ]
[C:\Program Files\Thunder\Components\Community\XLCommunity.dll] [Thunder Networking Technologies,LTD, 1, 5, 0, 16]
[C:\Program Files\Thunder\Program\XLCommunityEx.dll] [N/A, ]
[C:\Program Files\Thunder\Program\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 16, 5, 63]
[C:\Program Files\Thunder\Program\MSVCIRT.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Thunder\Components\Search\XLSearch.dll] [Thunder Networking Technologies,LTD, 1, 1, 6, 21]
[C:\Program Files\Thunder\Program\LiveUpdate.dll] [Thunder Networking Technologies,LTD, 1, 2, 3, 25]
[C:\Program Files\Thunder\Plugins\GouGouTop\GouGouTop.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 5]
[C:\Program Files\Thunder\Components\ExplorerHelper\ExplorerHelper.dll] [Thunder Networking Technologies,LTD, 1, 0, 4, 18]
[C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 4, 23]
[C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
[C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29]
[C:\Program Files\Thunder\Components\DownloadStat\DownloadStat.dll] [Thunder Networking Technologies,LTD, 1, 4, 1, 6]
[PID: 1204][C:\Program Files\WinRAR\WinRAR.exe] [Alexander Roshal, 3.71]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[d:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[PID: 1868][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.531\SREngLdr.EXE] [Smallfrogs Studio, 2.7.1.1261]
[d:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[PID: 236][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.531\SRE4d01b03e.EXE] [Smallfrogs Studio, 2.7.1.1261]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.531\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[d:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 858656.com
127.0.0.1 my123.com
127.0.0.1 8749.com
127.0.0.1 4199.com
127.0.0.1 7379.com
127.0.0.1 7255.com
127.0.0.1 3448.com
127.0.0.1 7939.com
127.0.0.1 8009.com
127.0.0.1 piaoxue.com
127.0.0.1 kzdh.com
127.0.0.1 about.blank.la
127.0.0.1 6781.com
127.0.0.1 7322.com
127.0.0.1 9991.com
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 348, C:\PROGRAM FILES\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1204, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1868, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX00.531\SRENGLDR.EXE]
==================================
计划任务
N/A
==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 高, 被下面模块所HOOK: 0x849F695D)
==================================
隐藏进程
N/A
| |
※ ※ ※ 本文纯属【huangligang】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
|
|
|
2009-5-25 16:39 |
|
huangligang
新手上路
积分 20
发帖 20
注册 2009-5-4
|
#10
用不了QQ啊,
可以别的不?
| |
※ ※ ※ 本文纯属【huangligang】个人意见,与【 微点交流论坛 】立场无关※ ※ ※
|
|
|
|
2009-5-25 16:42 |
|
|
