²Æ¾­ÉçÇøÅ®ÐÔÉçÇøÆû³µÉçÇø¾üÊÂÉçÇøÎÄѧÉçÇøÉç»áÉçÇøÓéÀÖÉçÇøÓÎÏ·ÉçÇø¸öÈË¿Õ¼ä
¡¾È«²¿¡¿¡¾¾«»ª¡¿¡¾ÈÈÃÅ¡¿·ÖÀࣺ¡¾Ô­´´¡¿¡¾ÌÖÂÛ¡¿¡¾ÇóÖú¡¿¡¾¹«¸æ¡¿¡¾·ÖÏí¡¿¡¾ÏÂÔØ¡¿¡¾Ìùͼ¡¿¡¾ÒôÀÖ¡¿¡¾ÊÓƵ¡¿¡¾Flash¡¿
ÉÏÒ»Ö÷Ì⣺¿¨°Í˹»ùÎÞ²¡¶¾±¨¸æ£¬µ«¿¨µÃÓôÃÆ£¡ ÏÂÒ»Ö÷Ì⣺ÎÒµÄÈÕÖ¾ÎļþSREngLOG.log
ÇóÖú°¡£¡µçÄÔÖØ×°3´ÎÁË£¡[Êղر¾Ìû]
[Â¥Ö÷] ×÷Õß:hbxf2 ·¢±íʱ¼ä:2007/03/27 23:37
Ð޸Ġ¼Ó¾« Öö¥ Ëø¶¨ ±êÌâ À´Ô´ É¾³ý
µã»÷:670´Î

[CODE]

2007-03-27,23:13:31

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - ¹ÜÀíȨÏÞÓû§ - ÍêÕû¹¦ÄÜ

ÒÔÏÂÄÚÈݱ»Ñ¡ÖУº
    ËùÓеÄÆô¶¯ÏîÄ¿£¨°üÀ¨×¢²á±í¡¢Æô¶¯Îļþ¼Ð¡¢·þÎñµÈ£©
    ä¯ÀÀÆ÷¼ÓÔØÏî
    ÕýÔÚÔËÐеĽø³Ì£¨°üÀ¨½ø³ÌÄ£¿éÐÅÏ¢£©
    Îļþ¹ØÁª
    Winsock ÌṩÕß
    Autorun.inf
    HOSTS Îļþ


Æô¶¯ÏîÄ¿
×¢²á±í
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <!AVG Anti-Spyware><"F:\EWido\AVG\AVG Anti-Spyware 7.5\avgas.exe" /minimized>  [Anti-Malware Development a.s.]
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  []
    <upxdnd><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\update3.exe>  [N/A]
    <mppds><C:\WINDOWS\mppds.exe>  []
    <kis><"F:\¿¨°Í\kis600307.sch\avp.exe">  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <twin><C:\WINDOWS\system32\twunk32.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><608769M.BMP>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{54D9498B-CF93-414F-8984-8CE7FDE0D391}><F:\EWido\EWIDO3.5\shellhook.dll>  [N/A]
    <{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk>  []
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><F:\EWido\AVG\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\DOCUME~1\ADMINI~1\×ÀÃæ\xdelbox1.2\XDELBO~1.SCR>  [½£Ã˼¼ÊõÍŶÓ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <!AVG Anti-Spyware><; "F:\EWido\AVG\AVG Anti-Spyware 7.5\avgas.exe" /minimized>  [Anti-Malware Development a.s.]
    <!ewido><; "F:\ewido\ewido anti-spyware 4.0\ewido.exe" /minimized>  [N/A]
    <compmgmt><; C:\WINDOWS\system32\compmgmt.exe>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\system32\CTFMON.EXE>  [(Verified)Microsoft Windows Publisher]
    <iz46z07lw><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\crasos.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <kernelmh><; C:\WINDOWS\Kernelmh.exe>  []
    <kis><; "F:\¿¨°Í\kis600307.sch\avp.exe">  [Kaspersky Lab]
    <mppds><; C:\WINDOWS\mppds.exe>  []
    <ntmsoprq><; C:\WINDOWS\system32\ntmsoprq.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <qt3ii85kvbfc><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Servere.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <scrnsave><; C:\WINDOWS\system32\prnmngr.exe>  [Microsoft Corporation]
    <StormCodec_Helper><; "F:\±©·çÓ°Òô\Storm Codec\StormSet.exe" /S /opti>  []
    <upxdnd><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\update3.exe>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <viq88><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rundl132.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <wsttrs><; C:\WINDOWS\wsttrs.exe>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <yi4jgw1ff><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iexpl0re.exe>  []

==================================
Æô¶¯Îļþ¼Ð
[ÐÇ¿Õ¼«ËÙ]
  <C:\Documents and Settings\All Users\¡¸¿ªÊ¼¡¹²Ëµ¥\³ÌÐò\Æô¶¯\ÐÇ¿Õ¼«ËÙ.lnk --> C:\PROGRA~1\ChinaNet\VNETCL~1.EXE []><N>

==================================
·þÎñ
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  <F:\EWido\AVG\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[¿¨°Í˹»ù»¥ÁªÍø°²È«Ì××° 6.0 / AVP][Running/Auto Start]
  <F:\¿¨°Í\kis600307.sch\avp.exe -r><Kaspersky Lab>
[ewido security suite guard / ewido security suite guard][Stopped/Auto Start]
  <F:\EWido\EWIDO3.5\ewidoguard.exe><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Remote Procedure Call System(RPCS) / RpcS][Running/Auto Start]
  <C:\WINDOWS\system32\RpcS.exe><Microsoft Corporation>
[Windows SystemDown / WindowsDown][Stopped/Auto Start]
  <C:\WINDOWS\system32\servet.exe><N/A>

==================================
Çý¶¯³ÌÐò
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[AliIde / AliIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  <\??\F:\EWido\AVG\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[ewido security suite driver / ewido security suite driver][Stopped/System Start]
  <\??\F:\EWido\EWIDO3.5\guard.sys><N/A>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[MegaIDE / MegaIDE][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[VIMICRO USB PC Camera / ZSMC301b][Running/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

==================================
ä¯ÀÀÆ÷¼ÓÔØÏî
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[Æô¶¯Ñ¸À×5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[FANSÒôÀÖ]
  {1934091F-CD97-51E1-B1D4-D23794813092} <http://music.fans.com.cn?1116, N/A>
[FANS]
  {1934091F-CD97-51E1-B1D4-D96794013092} <http://bbs.fans.com.cn?1115, N/A>
[Web·´²¡¶¾±£»¤]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <F:\¿¨°Í\kis600307.sch\scieplugin.dll, Kaspersky Lab>
[JUJUè]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.jujumao.net, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\QQ\QQ.EXE, TENCENT>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Thunder Browser Helper]
  {4E83D566-4697-4F7B-B1F0-A513B01DB89A} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <, N/A>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[&ʹÓÃѸÀ×ÏÂÔØ]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&ʹÓÃѸÀ×ÏÂÔØÈ«²¿Á´½Ó]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[ÉÏ´«µ½QQÍøÂçÓ²ÅÌ]
  <D:\QQ\AddToNetDisk.htm, N/A>
[ʹÓÃÍø¼Ê¿ì³µÏÂÔØ]
  <, N/A>
[ʹÓÃÍø¼Ê¿ì³µÏÂÔØÈ«²¿Á´½Ó]
  <, N/A>
[µ¼³öµ½ Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[Ìí¼Óµ½QQ×Ô¶¨ÒåÃæ°å]
  <D:\QQ\AddPanel.htm, N/A>
[Ìí¼Óµ½QQ±íÇé]
  <D:\QQ\AddEmotion.htm, N/A>
[ÓÃQQ²ÊÐÅ·¢Ë͸ÃͼƬ]
  <D:\QQ\SendMMS.htm, N/A>

==================================
ÕýÔÚÔËÐеĽø³Ì
[PID: 504][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 572][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 596][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\608769M.BMP]  [N/A, ]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 648][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\608769M.BMP]  [N/A, ]
[PID: 660][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\608769M.BMP]  [N/A, ]
[PID: 828][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\608769M.BMP]  [N/A, ]
[PID: 884][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\608769M.BMP]  [N/A, ]
[PID: 968][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\608769M.BMP]  [N/A, ]
    [F:\¿¨°Í\kis600307.sch\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 1032][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\608769M.BMP]  [N/A, ]
[PID: 1088][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\608769M.BMP]  [N/A, ]
[PID: 1416][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\608769M.BMP]  [N/A, ]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [F:\¿¨°Í\kis600307.sch\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
    [F:\EWido\AVG\AVG Anti-Spyware 7.5\context.dll]  [Anti-Malware Development a.s., 7, 5, 0, 49]
    [F:\EWido\AVG\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [Anti-Malware Development a.s., 7, 5, 0, 47]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [F:\¿¨°Í\kis600307.sch\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 1716][F:\EWido\AVG\AVG Anti-Spyware 7.5\avgas.exe]  [Anti-Malware Development a.s., 7, 5, 0, 50]
    [F:\EWido\AVG\AVG Anti-Spyware 7.5\engine.dll]  [Anti-Malware Development a.s., 4, 2, 0, 15]
    [C:\WINDOWS\608769M.BMP]  [N/A, ]
[PID: 352][C:\Program Files\ChinaNet\VnetClient.exe]  [, 2005, 11, 14, 1]
    [C:\Program Files\ChinaNet\Communicate.dll]  [0, 2005, 3, 3, 1]
    [C:\Program Files\ChinaNet\DialModule.dll]  [GDCN, 2006, 6, 26, 10]
    [C:\Program Files\ChinaNet\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\WINDOWS\608769M.BMP]  [N/A, ]
    [F:\¿¨°Í\kis600307.sch\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  [, 2004, 2, 28, 1]
    [C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX]  [, 2005, 7, 27, 1]
    [C:\PROGRA~1\ChinaNet\sign.dll]  [0, 2004, 12, 1, 1]
    [C:\PROGRA~1\ChinaNet\PostPlug.dll]  [, 2004, 12, 16, 2]
    [C:\PROGRA~1\ChinaNet\ADVERT~1.OCX]  [, 2005, 10, 13, 1]
    [C:\PROGRA~1\ChinaNet\Gif89a.dll]  [, 2005, 6, 21, 1]
    [C:\PROGRA~1\ChinaNet\VnetBs.ocx]  [, 2004, 11, 18, 1]
    [C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL]  [, 2005, 11, 14, 1]
    [C:\PROGRA~1\ChinaNet\AccountMgr.dll]  [, 2005, 11, 14, 17]
    [C:\PROGRA~1\ChinaNet\VnetSkin.ocx]  [GDDC, 2005, 11, 14, 1]
    [C:\PROGRA~1\ChinaNet\DialogStyle.dll]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\ChinaNet\Timer.ocx]  [, 2005, 10, 9, 14]
    [C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX]  [, 2005, 2, 24, 1]
    [C:\PROGRA~1\ChinaNet\NEWMES~1.DLL]  [, 2005, 8, 26, 1]
    [C:\PROGRA~1\ChinaNet\PassCtrl.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\wpcap.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [C:\WINDOWS\system32\pthreadVC.dll]  [N/A, ]
    [C:\WINDOWS\system32\packet.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [C:\PROGRA~1\ChinaNet\PlugPush.dll]  [, 2004, 12, 21, 1]
    [C:\PROGRA~1\ChinaNet\ALLINT~1.DLL]  [, 2004, 11, 23, 1]
    [C:\PROGRA~1\ChinaNet\VNetLog.ocx]  [, 2005, 10, 9, 1]
    [C:\PROGRA~1\ChinaNet\StatNum.dll]  [, 2004, 11, 18, 1]
    [C:\PROGRA~1\ChinaNet\VNETON~1.OCX]  [, 2005, 3, 2, 1]
    [C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL]  [GDCN, 2005, 10, 9, 1]
    [C:\PROGRA~1\ChinaNet\VnetOptLog.dll]  [, 2005, 9, 13, 9]
    [F:\¿¨°Í\kis600307.sch\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [F:\¿¨°Í\kis600307.sch\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [F:\¿¨°Í\kis600307.sch\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\PROGRA~1\ChinaNet\DlgSkin.ocx]  [, 2005, 11, 14, 1]
    [F:\¿¨°Í\kis600307.sch\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [F:\¿¨°Í\kis600307.sch\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
    [f:\¿¨°Í\kis600307.sch\params.ppl]  [Kaspersky Lab, 6.0.0.299]
    [f:\¿¨°Í\kis600307.sch\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
    [f:\¿¨°Í\kis600307.sch\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
[PID: 1384][C:\WINDOWS\regedit.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3548][F:\åÛÓÎ\Maxthon\Maxthon.exe]  [Maxthon International Ltd., 1, 5, 9, 80]
    [F:\åÛÓÎ\Maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [F:\¿¨°Í\kis600307.sch\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [F:\¿¨°Í\kis600307.sch\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [F:\¿¨°Í\kis600307.sch\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [F:\¿¨°Í\kis600307.sch\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [F:\¿¨°Í\kis600307.sch\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
    [f:\¿¨°Í\kis600307.sch\params.ppl]  [Kaspersky Lab, 6.0.0.299]
    [f:\¿¨°Í\kis600307.sch\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
    [f:\¿¨°Í\kis600307.sch\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
    [F:\åÛÓÎ\Maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
    [F:\¿¨°Í\kis600307.sch\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [f:\¿¨°Í\kis600307.sch\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
    [f:\¿¨°Í\kis600307.sch\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
[PID: 3096][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\update7.exe]  [N/A, ]
[PID: 3904][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\update8.exe]  [N/A, ]
[PID: 3516][C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5, 5, 6, 274]
    [C:\Program Files\Thunder Network\Thunder\Program\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 14]
    [C:\Program Files\Thunder Network\Thunder\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 12, 2, 56]
    [C:\Program Files\Thunder Network\Thunder\Program\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 12, 2, 56]
    [C:\Program Files\Thunder Network\Thunder\Program\BHOStub.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 8]
    [C:\Program Files\Thunder Network\Thunder\Program\FloatBar.dll]  [Giganology Inc., 1, 0, 0, 2]
    [C:\Program Files\Thunder Network\Thunder\Program\iTargetAD.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 16]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [F:\¿¨°Í\kis600307.sch\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Thunder Network\Thunder\Components\DiagnoseHelper\DiagnoseHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 10]
    [C:\Program Files\Thunder Network\Thunder\Components\PortVerify\PortVerify.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [C:\Program Files\Thunder Network\Thunder\Components\ExplorerHelper\ExplorerHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [C:\Program Files\Thunder Network\Thunder\Components\DTAG\DTAG.dll]  [Thunder Networking Technologies,LTD, 1, 1, 0, 2]
    [C:\Program Files\Thunder Network\Thunder\Components\DTAG\ExtractMediaTag.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [C:\Program Files\Thunder Network\Thunder\Program\LiveUpdate.dll]  [, 1, 0, 1, 17]
    [C:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll]  [¡¡, 1, 0, 0, 15]
    [C:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbed08.dll]  [¡¡, 3, 2, 0, 63]
    [C:\Program Files\Thunder Network\Thunder\Components\Community\XLCommunity.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 15]
    [C:\Program Files\Thunder Network\Thunder\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 2, 1, 43]
    [C:\Program Files\Thunder Network\Thunder\Components\Search\XLSearch.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 7]
    [C:\Program Files\Thunder Network\Thunder\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 14]
    [C:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VPSHELL.dll]  [, 1, 1, 0, 4]
    [C:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VideoPicture.dll]  [XunLei, 1, 1, 0, 4]
    [C:\Program Files\Thunder Network\Thunder\Components\Tips\TipsClient.dll]  [Thunder Networking Technologies,LTD, 2, 1, 1, 50]
    [F:\¿¨°Í\kis600307.sch\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [F:\¿¨°Í\kis600307.sch\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [F:\¿¨°Í\kis600307.sch\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [F:\¿¨°Í\kis600307.sch\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [F:\¿¨°Í\kis600307.sch\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
    [f:\¿¨°Í\kis600307.sch\params.ppl]  [Kaspersky Lab, 6.0.0.299]
    [f:\¿¨°Í\kis600307.sch\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
    [f:\¿¨°Í\kis600307.sch\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
    [f:\¿¨°Í\kis600307.sch\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
    [f:\¿¨°Í\kis600307.sch\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Thunder Network\Thunder\Plugins\BhoAdv\bho_adv.dll]  [ÉîÛÚÊÐѸÀ×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1.0.1.0]
[PID: 3804][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3790.3646 built by: DNSRV(bld4act)]
[PID: 1204][C:\Documents and Settings\Administrator\×ÀÃæ\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [F:\¿¨°Í\kis600307.sch\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]

==================================
Îļþ¹ØÁª
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock ÌṩÕß
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS Îļþ
127.0.0.1       localhost

==================================
API HOOK
RVA  ´íÎó£º LoadLibraryA (ΣÏյȼ¶: Ò»°ã,  ±»ÏÂÃæÄ£¿éËùHOOK: Dest Addr: 0xF6C44B25)
RVA  ´íÎó£º LoadLibraryExA (ΣÏյȼ¶: Ò»°ã,  ±»ÏÂÃæÄ£¿éËùHOOK: Dest Addr: 0xF6C44D67)
RVA  ´íÎó£º LoadLibraryExW (ΣÏյȼ¶: Ò»°ã,  ±»ÏÂÃæÄ£¿éËùHOOK: Dest Addr: 0xF6C44F0B)
RVA  ´íÎó£º LoadLibraryW (ΣÏյȼ¶: Ò»°ã,  ±»ÏÂÃæÄ£¿éËùHOOK: Dest Addr: 0xF6C44C49)
RVA  ´íÎó£º GetProcAddress (ΣÏյȼ¶: ¸ß,  ±»ÏÂÃæÄ£¿éËùHOOK: Dest Addr: 0xF6C44E8F)

==================================
Òþ²Ø½ø³Ì
N/A

==================================


[/CODE]

±¾ÌûµØÖ·£ºhttp://club.xilu.com/peaset/msgview-199322-41.html[¸´ÖƵØÖ·]
ÉÏÒ»Ö÷Ì⣺¿¨°Í˹»ùÎÞ²¡¶¾±¨¸æ£¬µ«¿¨µÃÓôÃÆ£¡ ÏÂÒ»Ö÷Ì⣺ÎÒµÄÈÕÖ¾ÎļþSREngLOG.log
 [2Â¥]  ×÷Õß:peaset ·¢±íʱ¼ä: 2007/03/28 10:47
[¼ÓΪºÃÓÑ][·¢ËÍÏûÏ¢][¸öÈË¿Õ¼ä]
»Ø¸´ Ð޸ĠÀ´Ô´ É¾³ý

SREµÄÏÂÔغÍʹÓ÷½·¨¼û£ºhttp://hi.baidu.com/peaset/blog/item/3114a7fb17dd19224e4aeadf.html
ÈçºÎ²é¿´Òþ²ØÎļþ:http://hi.baidu.com/peaset/blog/item/84118c250be8286035a80fad.html
unlockerµÄÏÂÔغÍʹÓ÷½·¨¼û£ºhttp://hi.baidu.com/peaset/blog/item/063fe203da49d4ec09fa93d2.html
__________________________________________________________________________________

Ê×ÏÈ£¬Çå³ýIEµÄÁÙʱÎļþ£º´ò¿ªIE µã¹¤¾ß¡ª>InternetÑ¡Ï>InternetÁÙʱÎļþ¡ª>µã¡°É¾³ýÎļþ¡±°´Å¥¡ª>½« "ɾ³ýËùÓÐÍÑ»úÄÚÈÝ" ´ò¹´¡ª>µã"È·¶¨"¡£


ÓÃSREɾ³ýÒÔÏÂ×¢²á±íÏ
<cmdbcs><C:\WINDOWS\cmdbcs.exe>
<upxdnd><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\update3.exe>
<mppds><C:\WINDOWS\mppds.exe>
<twin><C:\WINDOWS\system32\twunk32.exe>
<><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk>
<compmgmt><; C:\WINDOWS\system32\compmgmt.exe>
<iz46z07lw><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\crasos.exe>
<kernelmh><; C:\WINDOWS\Kernelmh.exe>
<ntmsoprq><; C:\WINDOWS\system32\ntmsoprq.exe>
<qt3ii85kvbfc><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Servere.exe>
<scrnsave><; C:\WINDOWS\system32\prnmngr.exe>
<StormCodec_Helper><; "F:\±©·çÓ°Òô\Storm Codec\StormSet.exe" /S /opti> 
<upxdnd><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\update3.exe>
<viq88><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rundl132.exe>
<wsttrs><; C:\WINDOWS\wsttrs.exe>
<yi4jgw1ff><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iexpl0re.exe> 

ÓÃSREÐÞ¸´ÒÔÏÂ×¢²á±íÏ
  <AppInit_DLLs><608769M.BMP>

ÓÃSREɾ³ýÒÔÏ·þÎñÏ
Remote Procedure Call System(RPCS) / RpcS
Windows SystemDown / WindowsDown


ÓÃunlockerɾ³ýÒÔÏÂÎļþ£º
C:\WINDOWS\system32\mppds.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.dll
C:\WINDOWS\system32\cmdbcs.dll
C:\WINDOWS\system32\compmgmt.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\crasos.exe
C:\WINDOWS\608769M.BMP
C:\WINDOWS\system32\servet.exe
C:\WINDOWS\wsttrs.exe
C:\WINDOWS\system32\ntmsoprq.exe
C:\WINDOWS\Kernelmh.exe
C:\WINDOWS\system32\RpcS.exe
C:\WINDOWS\system32\prnmngr.exe
C:\WINDOWS\mppds.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Servere.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\update3.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rundl132.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iexpl0re.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk

¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª
ÉÏÃæµÄ¶¼×öÍêÁËÖ®ºó£¬ÓÃÏÂXP²¹¶¡³ÌÐò¡£
ÏÂÔصØÖ·£ºhttp://hi.baidu.com/peaset/blog/item/67d44eb52f1d17cf37d3ca8c.html

×îºóÖØÐÂÆô¶¯µçÄÔ¡£²¡¶¾¾Í±»¸ã¶¨ÁË£¡



¡ù¡ù¡ù¡ù¡ù¡ù
·´²¡¶¾¼¼ÊõÖ§³Ö-ALPHA'S STUDIO£ºhttp://hi.baidu.com/peaset
[Â¥Ö÷]  [3Â¥]  ×÷Õß:hbxf2 ·¢±íʱ¼ä: 2007/03/29 14:20
[¼ÓΪºÃÓÑ][·¢ËÍÏûÏ¢][¸öÈË¿Õ¼ä]
»Ø¸´ Ð޸ĠÀ´Ô´ É¾³ý

ллpeaset £¬¾­¹ýÉÏÃæ²Ù×÷ÎÒµÄϵͳ±äºÃÐí¶à

¿ÉÊǶ¾ºÃÏó»¹ÊÇûɱÍêInnocent

ÏÂÃæÊÇÎÒµÄSREngLO£¬

ÇëÔÙ°ïż¿´¿´ºÃÂð£¿

[CODE]

2007-03-29,14:14:54

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - ¹ÜÀíȨÏÞÓû§ - ÍêÕû¹¦ÄÜ

ÒÔÏÂÄÚÈݱ»Ñ¡ÖУº
    ËùÓеÄÆô¶¯ÏîÄ¿£¨°üÀ¨×¢²á±í¡¢Æô¶¯Îļþ¼Ð¡¢·þÎñµÈ£©
    ä¯ÀÀÆ÷¼ÓÔØÏî
    ÕýÔÚÔËÐеĽø³Ì£¨°üÀ¨½ø³ÌÄ£¿éÐÅÏ¢£©
    Îļþ¹ØÁª
    Winsock ÌṩÕß
    Autorun.inf
    HOSTS Îļþ


Æô¶¯ÏîÄ¿
×¢²á±í
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <runeip><D:\kaka\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]

==================================
Æô¶¯Îļþ¼Ð
[ÐÇ¿Õ¼«ËÙ]
  <C:\Documents and Settings\All Users\¡¸¿ªÊ¼¡¹²Ëµ¥\³ÌÐò\Æô¶¯\ÐÇ¿Õ¼«ËÙ.lnk --> C:\PROGRA~1\ChinaNet\VNETCL~1.EXE []><H>

==================================
·þÎñ
N/A

==================================
Çý¶¯³ÌÐò
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[AliIde / AliIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[ewido security suite driver / ewido security suite driver][Stopped/System Start]
  <\??\F:\EWido\EWIDO3.5\guard.sys><N/A>
[MegaIDE / MegaIDE][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\D:\QQ\npkcrypt.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><N/A>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[VIMICRO USB PC Camera / ZSMC301b][Running/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

==================================
ä¯ÀÀÆ÷¼ÓÔØÏî
[Æô¶¯Ñ¸À×5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Thunder Browser Helper]
  {4E83D566-4697-4F7B-B1F0-A513B01DB89A} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[&ʹÓÃѸÀ×ÏÂÔØ]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&ʹÓÃѸÀ×ÏÂÔØÈ«²¿Á´½Ó]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[ÉÏ´«µ½QQÍøÂçÓ²ÅÌ]
  <, N/A>
[Ìí¼Óµ½QQ×Ô¶¨ÒåÃæ°å]
  <, N/A>
[Ìí¼Óµ½QQ±íÇé]
  <, N/A>
[ÓÃQQ²ÊÐÅ·¢Ë͸ÃͼƬ]
  <, N/A>

==================================
ÕýÔÚÔËÐеĽø³Ì
[PID: 452][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 500][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1252][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\kaka\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1408][D:\kaka\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [D:\kaka\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [D:\kaka\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1420][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\kaka\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 916][C:\Documents and Settings\Administrator\×ÀÃæ\н¨Îļþ¼Ð\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [D:\kaka\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]

==================================
Îļþ¹ØÁª
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock ÌṩÕß
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS Îļþ
127.0.0.1       localhost

==================================
API HOOK
N/A

==================================
Òþ²Ø½ø³Ì
N/A

==================================


[/CODE]

 [4Â¥]  ×÷Õß:84.112.35.* ·¢±íʱ¼ä: 2007/09/12 23:44
»Ø¸´ Ð޸ĠÀ´Ô´ É¾³ý
Lindsay Lohan hot pics and videos http://gfx.download-by.net/screen/16/16407-lindsay-lohan-sex-e-screensaver.jpg http://popdish.com/wp-content/uploads/2007/03/lindsay.jpg
 [5Â¥]  ×÷Õß:87.118.116.* ·¢±íʱ¼ä: 2007/11/01 08:02
»Ø¸´ Ð޸ĠÀ´Ô´ É¾³ý
Break free from Nicotine's hold once and for all! LiveFree works!!! I've wanted to quit smoking for years, but the physical cravings always held me back; but with this program, my cravings were gone, and now so is my awful habit!!! Finally a product that truly helps users break the nasty habit once and for all.. Price specials now in effect! Click here to learn more!
 [6Â¥]  ×÷Õß:87.118.116.* ·¢±íʱ¼ä: 2007/11/04 11:15
»Ø¸´ Ð޸ĠÀ´Ô´ É¾³ý
Hi All ! New software site : Some categories : Audio Music Creation Utilities & Plugins Business and Finance Personal Finance Word Processing And more other software ... Best regards, My homepage : http://www.downloadminigames.com
 [7Â¥]  ×÷Õß:87.118.116.* ·¢±íʱ¼ä: 2007/11/06 04:48
»Ø¸´ Ð޸ĠÀ´Ô´ É¾³ý
*** FREE EXCLUSIVE ASIAN MOVIE GALLERIES *** http://thisfreemovies.com/MOV/asian/6/1.jpg http://thisfreemovies.com/MOV/asian/4/3.jpg http://thisfreemovies.com/MOV/asian/9/2.jpg free old asian porn video download hairy porn asian video free famous asian porn star *** SIMPLY HIGH-QUALITY ASIAN MOVIE GALLERIES *** http://thisfreemovies.com/MOV/asian/1/2.jpg http://thisfreemovies.com/MOV/asian/9/2.jpg http://thisfreemovies.com/MOV/asian/7/1.jpg free asian porn star name movies free fat asian porn old asian porn movies download asian woman porn *** SEX WITH ASIANS MOVIE GALLERIES *** http://thisfreemovies.com/MOV/asian/9/3.jpg http://thisfreemovies.com/MOV/asian/6/3.jpg http://thisfreemovies.com/MOV/asian/9/3.jpg asian teen porn movies asian porn star name movies free asian les porn free free asian porn sample video asian porn sample movies download asian porn kia asian porn star movies big asian tit porn asian hoe porn star video download asian dorm porn video free asian porn ass free asian porn clip video movies hot asian porn star free free asian porn video clip movies asian porn sample gay asian porn video free old asian porn movies free free asian teen porn video free asian anal porn movies free asian porn site free asian porn blog free asian porn movie gallery movies download asian woman porn movies download asian teen porn video asian school porn movies download asian porn tgp asian sex porn video download asian porn trailer video download rose asian porn star video download asian porn site movies download free mature asian porn free asian anal porn download anal asian porn star movies free free asian porn movie gallery free asian lesbian porn download asian pussy porn movies kia asian porn star video download asian porn ass movies fat asian porn movies download asian amateur porn asian cartoon porn free asian les porn video free asian porn actress movies free fat asian porn video download asian porn asian porn web site video download asian man porn movies asian interracial porn video download asian porn ass movies download asian porn star movies mature asian porn video download big asian tit porn video download asian porn links movies download asian porn anal free gay asian porn movies free asian pussy porn movies free asian porn download free asian porn tgp download free gay asian porn movies free free asian teen porn movies free asian porn thumb video asian porn links download asian porn star name video download asian porn pic video download old asian porn video free kia asian porn star asian porn review video download busty asian porn movies free asian beaver porn video free porn asian download video asian sex porn movies asian porn forum video free asian hoe porn star asian porn blog movies download free asian porn movie movies download free asian porn sample busty asian porn free asian porn tgp video free free asian teen porn asian porn actress movies free free young asian porn movies free free young asian porn free asian porn forum movies free top asian porn star asian porn links movies asian porn tgp download asian porn thumb asian porn psp asian porn clip video download hardcore asian porn download asian porn gallery movies free hot asian porn video free anal asian porn star video kia asian porn star movies free free asian porn star movies download asian porn dvd movies asian shemale porn movies free free asian porn movie gallery download free asian porn star video free free asian porn movie gallery download asian porn star name download free asian porn video clip download asian school porn movies download hardcore asian porn movies gay asian porn video free free asian porn gallery video download asian anal porn free young asian porn movies download free young asian porn video kia asian porn star movies
 [8Â¥]  ×÷Õß:195.131.221.* ·¢±íʱ¼ä: 2007/11/14 00:21
»Ø¸´ Ð޸ĠÀ´Ô´ É¾³ý
Hi I should be translated a software website from Russian on English. How ti is better to make it?
 [9Â¥]  ×÷Õß:87.118.116.* ·¢±íʱ¼ä: 2007/12/04 02:46
»Ø¸´ Ð޸ĠÀ´Ô´ É¾³ý
*** BIGGEST TEENS MOVIE GALLERIES *** http://thisfreemovies.com/MOV/teen/8/3.jpg http://thisfreemovies.com/MOV/teen/8/3.jpg http://thisfreemovies.com/MOV/teen/2/2.jpg teen anal movies download teen hand job video free teen titans video *** SIMPLY HIGH-QUALITY TEENS MOVIE GALLERIES *** http://thisfreemovies.com/MOV/teen/6/2.jpg http://thisfreemovies.com/MOV/teen/6/1.jpg http://thisfreemovies.com/MOV/teen/4/1.jpg download teen babes video free fat teen teen topanga *** PORNO TEENS MOVIE GALLERIES *** http://thisfreemovies.com/MOV/teen/3/3.jpg http://thisfreemovies.com/MOV/teen/9/2.jpg http://thisfreemovies.com/MOV/teen/5/1.jpg blonde teen petite teen video free casting couch teen download hot teen girl movies free teen thong teen titans hentai video download teen hitchhiker video free tight teen movies download teen ass video free blonde teen movies download teen boob video download teen sex video teen lesbian download hot teen girl movies teen kelly movies tiffany teen movies asian teen movies download teen gallery movies teen fucking video teen hand job movies free horny teen free hot teen movies free teen facial video download casting couch teen movies download school teen movies busty teen video free tiny teen free teen facial movies free tiny teen video download tiffany teen video download teen orgasm movies aqua teen hunger force video download collection dvd photo r teen download gay teen boy download teen sex pic movies download teen boob free hairy teen free ebony teen movies amateur teen video download fat teen movies couple seduce teen video download teen hitchhiker pre teen model video tight teen movies download nude teen movies download blonde teen movies teen babes movies pre teen beach teen video teen hand job movies free chubby teen video download teen anal video free teen titans free exploited black teen movies tight teen movies download teen bikini teen ass video couple seduce teen movies pre teen model movies teen facial free teen jobs movies download teen topanga movies video trixie teen movies free ebony teen teen lesbian free troubled teen free teen web cam free cute teen movies download teen xxx movies download teen hand job download teen hitchhiker movies free teen clothing video teen titans movies download not another teen movie free petite teen movies teen topanga video download gay teen video free teen hardcore free tiffany teen video chubby teen movies free teen nudist download teen model video teen boy movies download hot teen movies teen pussy movies free bunny teen teen fuck movies free couple seduce teen free hairy teen video teen gallery video teen web cam free skinny teen free teen cream pie video chubby teen tiny teen movies download teen clothing video free indian teen download trixie teen video download teen chat rooms free teen babes drunk teen teen titans video teen facial video free casting couch teen movies teen sluts movies free bunny teen movies download gay teen video blonde teen teen tgp movies teen ass free teen cream pie free teen ass video free troubled teen
 [10Â¥]  ×÷Õß:195.131.221.* ·¢±íʱ¼ä: 2007/12/07 19:08
»Ø¸´ Ð޸ĠÀ´Ô´ É¾³ý
Ïðèâåòñòâóþ! Ìíå íóæíî ðàñêðóòèòü [url=http://www.ktsc.ru]ñàéò, îðèåíòèðîâàííûé íà óñëóãè êóðüåðñêîé äîñòàâêè[/url]. Èç ïðîãðàìì äëÿ ðàñêðóòêè ñàéòà íàøåë è ñêà÷àë çäåñü [url=http://www.mysoftware.ru/download/] ïðîãðàììó[/url]. Ïðîãðàììêà ïîíðàâèëàñü, íî íóæíà ðåàëüíàÿ ðàñêðóòêà. Íà êàêèõ ñàéòàõ åùå ìîæíî ïîèñêàòü áåñïëàòíûå ïðîãðàììû?
 [11Â¥]  ×÷Õß:64.20.34.* ·¢±íʱ¼ä: 2007/12/10 23:49
»Ø¸´ Ð޸ĠÀ´Ô´ É¾³ý
Build Your Own Residual Income Business Products to Make You Feel Great, a Strong Support Team, and a Revolutionary New, Lucrative Compensation Plan! Agel is a new company and is uniquely positioned to be the next giant in this area. The company has developed an entirely new category of products. Imagine being part of the next industry-changing innovation. Video information http://www.biz.go-agel.biz/index.php?newlang=english&name=videoclips&op=CatView&cat=2 This video may change your life forever. Click here to get more information http://www.biz.go-agel.biz/index.php?newlang=russian&newlang=english
 [12Â¥]  ×÷Õß:195.131.221.* ·¢±íʱ¼ä: 2007/12/11 05:55
»Ø¸´ Ð޸ĠÀ´Ô´ É¾³ý
[url=http://www.mysoftware.ru/database/]Ðàçðàáîòêà áàç äàííûõ[/url] ïîä Windows â ñîîòâåòñòâèè ñ âàøèìè òðåáîâàíèÿìè. Ïîäðîáíîñòè íà ñàéòå ïîñâÿùåííîì [url=http://www.mysoftware.ru]ðàçðàáîòêå ïðîãðàìì ïîä çàêàç[/url] Âû ìæåòå ïîñìîòðåòü íàøè [url=http://www.mysoftware.ru/demo/]äåìîíñòðàöèè[/url] è [url=http://www.mysoftware.ru/download/]åñïëàòíûé ñîôò[/url] Åñëè âîçíèêàþò ñëîæíîñòè ïîñòàíîâêè çàäà÷è, ðåêîìåíäóåì îáðàòèòüñÿ â [url=http://www.mysoftware.ru/tz/]ðàçäåë ïîñâÿùåííûé ñîñòàâëåíèþ òåõíè÷åñêîãî çàäàíèÿ[/url]
 [13Â¥]  ×÷Õß:218.58.136.* ·¢±íʱ¼ä: 2007/12/14 05:01
»Ø¸´ Ð޸ĠÀ´Ô´ É¾³ý
H[url=http://www.sexanali.info/index.html]e[/url]llo [url=http://www.sexanali.info/1/index1.html]a[/url]ll[url=http://www.sexanali.info/2/index1.html].[/url] I [url=http://www.sexanali.info/3/index1.html]a[/url]m a f[url=http://www.sexanali.info/index5.html]l[/url]ag[url=http://www.sexanali.info/index11.html]-[/url]wa[url=http://www.sexanali.info/1/index11.html]v[/url]in[url=http://www.sexanali.info/2/index13.html]g[/url] A[url=http://www.sexanali.info/3/index9.html]m[/url]er[url=http://www.sexanali.info/3/index14.html]i[/url]ca[url=http://www.sexanali.info/index1.html]n[/url] ci[url=http://www.sexanali.info/index15.html]t[/url]iz[url=http://www.sexanali.info/1/index3.html]e[/url]n w[url=http://www.sexanali.info/1/index8.html]h[/url]o s[url=http://www.sexanali.info/2/index7.html]o[/url]me[url=http://www.sexanali.info/index4.html]h[/url]ow [url=http://www.sexanali.info/1/index.html]l[/url]an[url=http://www.sexanali.info/1/index7.html]d[/url]e[url=http://www.sexanali.info/1/index15.html]d[/url] [url=http://www.sexanali.info/2/index10.html]i[/url]n t[url=http://www.sexanali.info/2/index3.html]h[/url]e M[url=http://www.sexanali.info/2/index16.html]i[/url]dd[url=http:/ /www.sexanali.info/2/index4.html]l[/url]e East and [url=http://www.sexanali.info/2/index12.html]I[/url]a[url=http://www.sexanali.info/2/index6.html]m[/url] l[url=http://www.sexanali.info/3/index4.html]o[/url]ok[url=http://www.sexanali.info/3/index7.html]i[/url]ng [url=http://www.sexanali.info/2/index15.html]f[/url]or a wa[url=http://www.sexanali.info/2/index11.html]y[/url] o[url=http://www.sexanali.info/1/index9.html]u[/url]t[url=http://www.sexanali.info/2/index5.html].[/url] [url=http://www.sexanali.info/1/index13.html]:([/url] [url=http://www.sexanali.info/1/index12.html]([/url]its [url=http://www.sexanali.info/1/index16.html]a[/url] l[url=http://www.sexanali.info/2/index.html]o[/url]ng [url=http://www.sexanali.info/2/index9.html]s[/url]to[url=http://www.sexanali.info/2/index8.html]r[/url]y w[url=http://www.sexanali.info/3/index.html]i[/url]th [url=http://www.sexanali.info/3/index3.html]l[/url]ot[url=http://www.sexanali.info/3/index5.html]s[/url] o[url=http://www.sexanali.info/2/index14.html]f[/url] so[url=http://www.sexanali.info/1/index14.html]r[/url]did de[url=http://www.sexanali.info/3/index2.html]t[/url]ai[url=http://www.sexanali.info/2/index2.html]l[/url]s[url=http://www.sexanali.info/2/index17.html]:[/url] ch[url=http://www.sexanali.info/1/index6.html]e[/url]at[url=http://www.sexanali.info/3/index6.html]i[/url]ng s[url=http://www.sexanali.info/1/index10.html]p[/url]ou[url=http://www.sexanali.info/3/index11.html]s[/url]e[url=http://www.sexanali.info/3/index13.html],[/url] dy[url=http://www.sexanali.info/3/index16.html]s[/url]funct[url=http://www.sexanali.info/index20.html]i[/url]onal in[url=http://www.sexanali.info/1/index4.html]l[/url]aws, de[url=http://www.sexanali.info/index18.html]c[/url]eip[url=http://www.sexanali.info/index9.html]t[/url] an[url=http://www.sexanali.info/index13.html]d[/url] u[url=http://www.sexanali.info/3/index10.html]n[/url]derhand[url=http://www.sexanali.info/3/index12.html]e[/url]dness[url=http://www.sexanali.info/index21.html]..[/url].it m[url=http://www.sexanali.info/index7.html]i[/url]ght ma[url=http://www.sexanali.info/1/index5.html]k[/url]e a v[url=http://www.sexanali.info/index10.html]e[/url]ry int[url=http://www.sexanali.info/3/index8.html]e[/url]resting movie[url=http://www.sexanali.info/3/index15.html].[/url] [url=http://www.sexanali.info/index2.html]:)[/url] An[url=http://www.sexanali.info/index14.html]y[/url]wa[url=http://www.sexanali.info/index12.html]y[/url], [url=http://www.sexanali.info/index8.html]h[/url]el[url=http://www.sexanali.info/1/index2.html]l[/url]o to ev[url=http://www.sexanali.info/index17.html]e[/url]ryone a[url=http://www.sexanali.info/index3.html]n[/url]d I lo[url=http://www.sexanali.info/index22.html]o[/url]k fo[url=http://www.sexanali.info/index19.html]r[/url]war[url=http://www.sexanali.info/index6.html]d[/url] t[url=http://www.sexanali.info/index16.html]o[/url] s[url=http://www.sexanali.info/index34.html]h[/url]arin[url=http://www.sexanali.info/2/index36.html]g[/url] m[url=http://www.sexanali.info/3/index33.html]y[/url] i[url=http://www.sexanali.info/1/index39.html]n[/url]terna[url=http://www.sexanali.info/1/index32.html]t[/url]iona[url=http://www.sexanali.info/2/index34.html]l[/url] e[url=http://www.sexanali.info/1/index33.html]x[/url]pe[url=http://www.sexanali.info/index31.html]r[/url]ien[url=http://www.sexanali.info/2/index30.html]c[/url ]es wi[url=http://www.sexanali.info/84.html]t[/url]hal[url=http://www.sexanali.info/85.html]l[/url] of [url=http://www.sexanali.info/86.html]y[/url]ou i[url=http://www.sexanali.info/87.html]n[/url] th[url=http://www.sexanali.info/88.html]e[/url] co[url=http://www.sexanali.info/89.html]m[/url]ing [url=http://www.sexanali.info/90.html]m[/url]on[url=http://www.sexanali.info/91.html]t[/url]hs[url=http://www.sexanali.info/92.html].[/url]
 [14Â¥]  ×÷Õß:210.102.237.* ·¢±íʱ¼ä: 2007/12/29 09:11
»Ø¸´ Ð޸ĠÀ´Ô´ É¾³ý
Cheap cigarettes prices. Chesterfield Cigarettes $11.21 Lucky Strike Cigarettes $11.60 Marlboro Cigarettes $11.89 Camel Cigarettes $11.50 Winston Cigarettes $9.79 L&M Cigarettes $9.19 http://www.discount-cigarettes-online.buy-24h.net.ru
 [15Â¥]  ×÷Õß:210.206.137.* ·¢±íʱ¼ä: 2007/12/30 18:33
»Ø¸´ Ð޸ĠÀ´Ô´ É¾³ý
Cheap cigarettes prices are per carton (200 cigarettes). Marlboro Cigarettes $11.89 Camel Cigarettes $11.50 Winston Cigarettes $9.79 Chesterfield Cigarettes $11.21 Lucky Strike Cigarettes $11.60 L&M Cigarettes $9.19 http://www.discount-cigarettes-online.buy-24h.net.ru
 [16Â¥]  
 [17Â¥]  
 [18Â¥]  
 [19Â¥]  
 [20Â¥]  
·ÖÒ³1
Ç©  Ãû: Ò» ¶þ Èý ÎÞ
×÷  Õß:
ÃÜ  Âë:
ÓοÍÀ´·Ã 
×¢²áÓû§  Ìá¡¡½» 
Î÷½Íø( www.xilu.com )°æȨËùÓÐ µã»÷ÓµÓÐÎ÷½Ãâ·ÑÂÛ̳  ÁªÏµÎ÷½С¾«Áé
¹Ø±Õ

ÿÈÕ¾«²Ê

IT
ÌåÓý
Éç»á
ÓÎÏ·
Ö°³¡

0.308444976807