Encountering sqmapi32.dll, kvmxfma.dll, rarjdpi.dll, google.dll, a0b1.dll and others

Original by endurer
2007-11-07 revision 1

After infection IE no longer works properly, advertising windows pop up at irregular intervals, and every web page opened shows a message at the top recommending FireFox;


Starting a program reports an svchost.exe error; cmd.exe, WinRAR, … cannot be run; entering Safe Mode gives a blue screen: Unknown hard error


pe_xscan 07-08-30 by Purple Endurer
2007-11-6 16:54:44
Windows XP Service Pack 2(5.1.2600)
Administrators group

[System Process] * 0
    C:/WINDOWS/system32/allatl.dll | 2007-11-6 15:21:22
    C:/WINDOWS/system32/dh3atl.dll | 2007-11-6 14:51:20
    C:/WINDOWS/system32/myatl.dll | 2007-11-6 14:51:18
    C:/WINDOWS/system32/qqsgatl.dll | 2007-11-6 14:51:10
    C:/WINDOWS/system32/wlatl.dll | 2007-11-6 14:51:14
    C:/WINDOWS/system32/msatl.dll | 2007-11-6 14:51:14
    C:/WINDOWS/system32/addrz_thelp.dll | 2007-11-6 14:51:6
    C:/WINDOWS/system32/dhatl.dll | 2007-11-6 14:51:12
    c:/progra~1/wqjm/jdwz.dll | 2007-11-5 11:32:6 | stdstub | 5, 0, 1, 1 | stdstub | Copyright 2005 | 5, 0, 1, 1 |  |  | stdstub |
    c:/progra~1/wqjm/oibe.dll | 2007-11-5 11:32:6 | stdplay | 5, 0, 1, 1 | stdplay | Copyright © 2006 | 5, 0, 1, 1 |  |  | stdvote | stdplay.dll

C:/WINDOWS/Explorer.EXE * 1436 | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 6.00.2900.2180 | Windows Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | explorer | EXPLORER.EXE
    c:/progra~1/wqjm/jdwz.dll | 2007-11-5 11:32:6 | stdstub | 5, 0, 1, 1 | stdstub | Copyright 2005 | 5, 0, 1, 1 |  |  | stdstub |
    c:/progra~1/wqjm/oibe.dll | 2007-11-5 11:32:6 | stdplay | 5, 0, 1, 1 | stdplay | Copyright © 2006 | 5, 0, 1, 1 |  |  | stdvote | stdplay.dll
    C:/WINDOWS/system32/RavExt.dll | 2007-10-22 9:53:0 | Rising AntiVirus 2008 | 20.00 | Rising Shell Ext Module | Rising Corp. All rights reserved. | 20.0.0.16 | Beijing Rising Technology Co., Ltd.| ? | Beijing Rising Technology Co., Ltd. | RavExt.DLL
    C:/WINDOWS/system32/sqmapi32.dll | 2007-11-6 15:21:22
    C:/WINDOWS/system32/qdshm.dll | 2007-11-6 14:51:6
    C:/WINDOWS/system32/dhatl.dll | 2007-11-6 14:51:12
    C:/WINDOWS/system32/addrz_thelp.dll | 2007-11-6 14:51:6
    C:/WINDOWS/system32/msatl.dll | 2007-11-6 14:51:14
    C:/WINDOWS/system32/wlatl.dll | 2007-11-6 14:51:14
    C:/WINDOWS/system32/qqsgatl.dll | 2007-11-6 14:51:10
    C:/WINDOWS/system32/myatl.dll | 2007-11-6 14:51:18
    C:/WINDOWS/system32/dh3atl.dll | 2007-11-6 14:51:20
    C:/WINDOWS/system32/allatl.dll | 2007-11-6 15:21:22

C:/WINDOWS/system32/ctfmon.exe * 1764 | 2004-8-17 12:0:0 | Microsoft® Windows® Operating System | 5.1.2600.2180 | CTF Loader | © Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | CTFMON | CTFMON.EXE
    c:/progra~1/wqjm/jdwz.dll | 2007-11-5 11:32:6 | stdstub | 5, 0, 1, 1 | stdstub | Copyright 2005 | 5, 0, 1, 1 |  |  | stdstub |
    c:/progra~1/wqjm/oibe.dll | 2007-11-5 11:32:6 | stdplay | 5, 0, 1, 1 | stdplay | Copyright © 2006 | 5, 0, 1, 1 |  |  | stdvote | stdplay.dll

C:/WINDOWS/System32/svchost.exe * 1820 | 2004-8-17 12:0:0 | Microsoft® Windows® Operating System | 5.1.2600.2180 | Generic Host Process for Win32 Services | © Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | svchost.exe | svchost.exe
    c:/progra~1/wqjm/gatw.dll | 2007-11-5 11:32:6 |   AdDm | 5, 0, 1, 1 | AdDm | Copyright © 2006 | 5, 0, 1, 1 |  |  | AdDm | AdDm.exe
    c:/progra~1/wqjm/jdwz.dll | 2007-11-5 11:32:6 | stdstub | 5, 0, 1, 1 | stdstub | Copyright 2005 | 5, 0, 1, 1 |  |  | stdstub |
    c:/progra~1/wqjm/oibe.dll | 2007-11-5 11:32:6 | stdplay | 5, 0, 1, 1 | stdplay | Copyright © 2006 | 5, 0, 1, 1 |  |  | stdvote | stdplay.dll
    c:/progra~1/wqjm/lfyb.dll | 2007-11-5 11:32:6 | stdvote | 5, 0, 1, 1 | stdvote | Copyright © 2006 | 5, 0, 1, 1 |  |  | stdvote | stdvote.dll
    c:/progra~1/wqjm/cwps.dll | 2007-11-5 11:32:6 |  | 5, 0, 1, 1 | stdseg | Copyright © 2007 | 5, 0, 1, 1 |  |  | stdseg |
    C:/WINDOWS/system32/sqmapi32.dll | 2007-11-6 15:21:22

C:/WINDOWS/System32/svchost.exe * 1832 | 2004-8-17 12:0:0 | Microsoft® Windows® Operating System | 5.1.2600.2180 | Generic Host Process for Win32 Services | © Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | svchost.exe | svchost.exe
    c:/windows/system32/conime/conime.dll | 2007-11-5 11:22:4 | pc inetinfo | 1, 0, 0, 1 | Used to support debugging of Windows network services. | (C) Microsoft Corporation. All rights reserved. | 1, 0, 0, 1 | Microsoft Corporation |  | upnp | inetinfo.dll

C:/WINDOWS/system32/0b911.exe * 1864 | 2007-10-25 9:29:58 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Windows Progman Group Converter | Copyright Zhongsou(C) 2005 | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | GrpConv| ?

C:/WINDOWS/system32/nvsvc32.exe * 124 | 2006-10-22 12:22:0 | NVIDIA Driver Helper Service, Version 93.71 | 6.14.10.9371 | NVIDIA Driver Helper Service, Version 93.71 | (C) NVIDIA Corporation. All rights reserved. | 6.14.10.9371 | NVIDIA Corporation| ? | NVSVC | nvsvc32.exe
    c:/progra~1/wqjm/jdwz.dll | 2007-11-5 11:32:6 | stdstub | 5, 0, 1, 1 | stdstub | Copyright 2005 | 5, 0, 1, 1 |  |  | stdstub |
    c:/progra~1/wqjm/oibe.dll | 2007-11-5 11:32:6 | stdplay | 5, 0, 1, 1 | stdplay | Copyright © 2006 | 5, 0, 1, 1 |  |  | stdvote | stdplay.dll

C:/WINDOWS/system32/winlogon.exe * 340 | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Windows NT Logon Application | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | winlogon | WINLOGON.EXE
    C:/WINDOWS/system32/sqmapi32.dll | 2007-11-6 15:21:22
    C:/WINDOWS/system32/qdshm.dll | 2007-11-6 14:51:6

C:/WINDOWS/system32/svchost.exe * 352 | 2004-8-17 12:0:0 | Microsoft® Windows® Operating System | 5.1.2600.2180 | Generic Host Process for Win32 Services | © Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | svchost.exe | svchost.exe
    c:/progra~1/wqjm/jdwz.dll | 2007-11-5 11:32:6 | stdstub | 5, 0, 1, 1 | stdstub | Copyright 2005 | 5, 0, 1, 1 |  |  | stdstub |
    c:/progra~1/wqjm/oibe.dll | 2007-11-5 11:32:6 | stdplay | 5, 0, 1, 1 | stdplay | Copyright © 2006 | 5, 0, 1, 1 |  |  | stdvote | stdplay.dll
    C:/WINDOWS/system32/sqmapi32.dll | 2007-11-6 15:21:22

C:/WINDOWS/system32/rundll32.exe * 2368 | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Run a DLL as an App | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | rundll | RUNDLL.EXE
    C:/WINDOWS/system32/0a1.dll | 2007-10-29 10:3:36 |  Player dynamic link library | 1, 0, 0, 3 | Player dynamic link library |    Copyright (C) 2006 | 1, 0, 0, 3 |   | ? | Player | Player.dll
    c:/progra~1/wqjm/jdwz.dll | 2007-11-5 11:32:6 | stdstub | 5, 0, 1, 1 | stdstub | Copyright 2005 | 5, 0, 1, 1 |  |  | stdstub |
    c:/progra~1/wqjm/oibe.dll | 2007-11-5 11:32:6 | stdplay | 5, 0, 1, 1 | stdplay | Copyright © 2006 | 5, 0, 1, 1 |  |  | stdvote | stdplay.dll

C:/Program Files/Internet Explorer/IEXPLORE.EXE * 2260 | 2004-8-17 20:0:0 | Microsoft(R) Windows(R) Operating System | 6.00.2900.2180 | Internet Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | iexplore | IEXPLORE.EXE
    c:/progra~1/wqjm/jdwz.dll | 2007-11-5 11:32:6 | stdstub | 5, 0, 1, 1 | stdstub | Copyright 2005 | 5, 0, 1, 1 |  |  | stdstub |
    c:/progra~1/wqjm/oibe.dll | 2007-11-5 11:32:6 | stdplay | 5, 0, 1, 1 | stdplay | Copyright © 2006 | 5, 0, 1, 1 |  |  | stdvote | stdplay.dll
    C:/WINDOWS/system32/a0b1.dll | 2007-10-29 10:3:36 | IEHpr Module | 1, 0, 0, 2 | IEHpr Module | Copyright 2007 | 1, 0, 0, 2 |  |  | IEHpr | IEHpr.DLL
    C:/WINDOWS/system32/msurlpar.dll | 2007-9-25 10:5:12 | MSURLPAR Module | 1, 0, 0, 1 | MSURLPAR Module | Copyright 2007 | 1, 0, 0, 1 | Statistics |  | MSURLPAR | MSURLPAR.DLL
    C:/WINDOWS/system32/gujxvpzjcsrlu.dll | 2007-11-2 14:57:4 |  | 1.0.0.0 |  |  | 1.0.0.0 |  |  |  |
    C:/WINDOWS/ILOVEG~1/google.dll | 2007-11-6 8:11:38 | Microsoft Module | 4, 0, 2, 111 | Microsoft Module | (C) Microsoft Corporation. All rights reserved. | 4, 0, 2, 111 | Microsoft Corporation |  | Microsoft | Microsoft.DLL
    C:/WINDOWS/system32/dh3atl.dll | 2007-11-6 14:51:20
    C:/WINDOWS/system32/myatl.dll | 2007-11-6 14:51:18
    C:/WINDOWS/system32/qqsgatl.dll | 2007-11-6 14:51:10
    C:/WINDOWS/system32/wlatl.dll | 2007-11-6 14:51:14
    C:/WINDOWS/system32/msatl.dll | 2007-11-6 14:51:14
    C:/WINDOWS/system32/addrz_thelp.dll | 2007-11-6 14:51:6
    C:/WINDOWS/system32/dhatl.dll | 2007-11-6 14:51:12
    C:/WINDOWS/system32/sqmapi32.dll | 2007-11-6 15:21:22
    C:/WINDOWS/system32/allatl.dll | 2007-11-6 15:21:22
    C:/Program Files/雪冰五笔速成/msdxm.ocx | 2001-6-8 12:18:16 | DirectShow | 6.4.07.1119 | Windows Media Player 2 ActiveX Control | Copyright (C) 1992-1999 Microsoft Corp. | 6.4.07.1119 | Microsoft Corporation| ? | MSDXM.OCX | MSDXM.OCX

C:/WINDOWS/system32/conime.exe * 1188 | 2004-8-17 12:0:0 | Microsoft® Windows® Operating System | 5.1.2600.2180 | Console IME | © Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | Console | CONIME.EXE
    c:/progra~1/wqjm/jdwz.dll | 2007-11-5 11:32:6 | stdstub | 5, 0, 1, 1 | stdstub | Copyright 2005 | 5, 0, 1, 1 |  |  | stdstub |
    c:/progra~1/wqjm/oibe.dll | 2007-11-5 11:32:6 | stdplay | 5, 0, 1, 1 | stdplay | Copyright © 2006 | 5, 0, 1, 1 |  |  | stdvote | stdplay.dll

C:/PROGRAM FILES/RISING/RAV/Ravmond.exe * 3444 | 2007-11-5 15:45:8 | Rising AntiVirus 2008 | 20.00 | Rising Realtime Moniter | Rising Corp. All rights reserved. | 20.0.0.59 | Beijing Rising Technology Co., Ltd.| ? | Beijing Rising Technology Co., Ltd. | ravmond.exe
    c:/progra~1/wqjm/jdwz.dll | 2007-11-5 11:32:6 | stdstub | 5, 0, 1, 1 | stdstub | Copyright 2005 | 5, 0, 1, 1 |  |  | stdstub |
    c:/progra~1/wqjm/oibe.dll | 2007-11-5 11:32:6 | stdplay | 5, 0, 1, 1 | stdplay | Copyright © 2006 | 5, 0, 1, 1 |  |  | stdvote | stdplay.dll
    C:/WINDOWS/system32/sqmapi32.dll | 2007-11-6 15:21:22

C:/Program Files/Rising/Rav/RAVMON.EXE * 2548 | 2007-10-22 9:53:40 | Rising AntiVirus 2008 | 20.00 | Rising realtime monitor shell | Rising Corp. All rights reserved. | 20.0.0.98 | Beijing Rising Technology Co., Ltd.| ? | Beijing Rising Technology Co., Ltd. | RavTray.EXE
    C:/WINDOWS/system32/allatl.dll | 2007-11-6 15:21:22
    C:/WINDOWS/system32/dh3atl.dll | 2007-11-6 14:51:20
    C:/WINDOWS/system32/myatl.dll | 2007-11-6 14:51:18
    C:/WINDOWS/system32/qqsgatl.dll | 2007-11-6 14:51:10
    C:/WINDOWS/system32/wlatl.dll | 2007-11-6 14:51:14
    C:/WINDOWS/system32/msatl.dll | 2007-11-6 14:51:14
    C:/WINDOWS/system32/addrz_thelp.dll | 2007-11-6 14:51:6
    C:/WINDOWS/system32/dhatl.dll | 2007-11-6 14:51:12
    c:/progra~1/wqjm/jdwz.dll | 2007-11-5 11:32:6 | stdstub | 5, 0, 1, 1 | stdstub | Copyright 2005 | 5, 0, 1, 1 |  |  | stdstub |
    c:/progra~1/wqjm/oibe.dll | 2007-11-5 11:32:6 | stdplay | 5, 0, 1, 1 | stdplay | Copyright © 2006 | 5, 0, 1, 1 |  |  | stdvote | stdplay.dll
    C:/Program Files/Rising/Rav/Rsguilib.dll | 2007-10-22 9:53:16 | Rising AntiVirus 2008 | 20, 0, 0, 0 | Rising GUI Library Loader | Rising Corp. All rights reserved. | 20, 0, 0, 79 | Beijing Rising Technology Co., Ltd.| ? | Beijing Rising Technology Co., Ltd. | RsGuiLib.dll

d:/Program Files/Rising/AntiSpyware/runiep.exe * 2404 | 2007-11-6 16:52:2 | runiep application | 4.00 | Rising AntiSpyware Monitor | Rising Corp. All rights reserved. | 4.0.0.18 | Beijing Rising Technology Co., Ltd. |  | Beijing Rising Technology Co., Ltd. | runiep.exe
    C:/WINDOWS/system32/allatl.dll | 2007-11-6 15:21:22
    C:/WINDOWS/system32/dh3atl.dll | 2007-11-6 14:51:20
    C:/WINDOWS/system32/myatl.dll | 2007-11-6 14:51:18
    C:/WINDOWS/system32/qqsgatl.dll | 2007-11-6 14:51:10
    C:/WINDOWS/system32/wlatl.dll | 2007-11-6 14:51:14
    C:/WINDOWS/system32/msatl.dll | 2007-11-6 14:51:14
    C:/WINDOWS/system32/addrz_thelp.dll | 2007-11-6 14:51:6
    C:/WINDOWS/system32/dhatl.dll | 2007-11-6 14:51:12
    c:/progra~1/wqjm/jdwz.dll | 2007-11-5 11:32:6 | stdstub | 5, 0, 1, 1 | stdstub | Copyright 2005 | 5, 0, 1, 1 |  |  | stdstub |
    c:/progra~1/wqjm/oibe.dll | 2007-11-5 11:32:6 | stdplay | 5, 0, 1, 1 | stdplay | Copyright © 2006 | 5, 0, 1, 1 |  |  | stdvote | stdplay.dll

O2 - BHO Invoke Class - {3AA0903B-1E13-4865-B114-15792D413C41} - C:/WINDOWS/system32/a0b1.dll
O2 - BHO MSURL Class - {6CDD9D1F-7501-4B0F-90CD-5ADA4F15E6E8} - C:/WINDOWS/system32/msurlpar.dll
O2 - BHO  - {98836B5F-4E24-4207-952D-A5EA63C7A645} - C:/WINDOWS/system32/gujxvpzjcsrlu.dll
O2 - BHO google Class - {CE7C3CF0-4B15-11D1-ABED-709549C10531} - C:/WINDOWS/ILOVEG~1/google.dll
O3 - IE Toolbar: 快捷工具条3.1 (Quick Toolbar 3.1) - {BE830FD4-E393-417F-9F4B-CC70ABB3384C} - C:/WINDOWS/system32/IETool.dll
O3 - IE Toolbar: PopocyToolBar - {691AFBC1-3C46-406D-AD22-EB3A0F665FC1} - C:/Program Files/HXNotify/PopocyBar.dll
O3 - IE Toolbar:  - {8E718888-423F-11D2-876E-00A0C9082467} - C:/Program Files/雪冰五笔速成/msdxm.ocx

O23 - Service: ADProt (ADProt) - C:/WINDOWS/system32/drivers/ADProt.sys(System)

O23 - Service: bvor (Windows bvor RunThem) - C:/WINDOWS/System32/svchost.exe -k netsvcs -> C:/PROGRA~1/wqjm/gatw.dll | 2007-11-5 11:32:6 |   AdDm | 5, 0, 1, 1 | AdDm | Copyright © 2006 | 5, 0, 1, 1 |  |  | AdDm | AdDm.exe(Auto)

O23 - Service: conime (conime) - C:/WINDOWS/System32/svchost.exe -k netsvcs -> C:/WINDOWS/system32/conime/conime.dll | 2007-11-5 11:22:4 | pc inetinfo | 1, 0, 0, 1 | Used to support debugging of Windows network services. | (C) Microsoft Corporation. All rights reserved. | 1, 0, 0, 1 | Microsoft Corporation |  | upnp | inetinfo.dll(Auto)

O23 - Service: ms_2fax (ms_2fax) - C:/WINDOWS/system32/0b911.exe | 2007-10-25 9:29:58 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Windows Progman Group Converter | Copyright Zhongsou(C) 2005 | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | GrpConv| ?(Auto)

O23 - Service: Provisioning (Shell Logs and Alerts) - C:/WINDOWS/system32/drpcoev.exe | 2007-11-6 10:50:14(Auto)

O23 - Service: wuauserv (Automatic Updates) - C:/WINDOWS/system32/drivers/svchost.exe | 2007-11-6 10:50:24(Auto)

O24 - ShlExecHook: [6] - {6D47B341-43DF-4563-753F-345FFA3157D6} = C:/WINDOWS/system32/kvmxfma.dll

O24 - ShlExecHook: [4] - {4598FF45-DA60-F48A-BC43-10AC47853D54} = C:/WINDOWS/system32/rarjdpi.dll
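The module list and the O23/O24 entries above can be triaged mechanically rather than by eye. The following Python script is an added example, not part of the original post or of pe_xscan: it parses the dump format shown above (a constructed, abbreviated excerpt of this very log is embedded as SAMPLE_LOG) and flags modules loaded into several unrelated processes (the jdwz.dll/oibe.dll pattern), svchost-hosted services whose ServiceDll sits outside System32 (bvor, conime), a service image named svchost.exe that is not the one in System32 (the fake wuauserv), and any ShellExecuteHooks CLSID other than the stock shell32 entry. The default-CLSID value and the "directly in System32" rule are the example's own assumptions.

```python
"""Added triage example (not from the original post or the pe_xscan tool). It parses
the dump format above and automates three checks the write-up does by eye:
  1. modules loaded into many unrelated processes (system-wide DLL injection),
  2. O23 services whose ServiceDll or svchost.exe lives outside System32,
  3. O24 ShellExecuteHooks other than the one Windows XP installs by default.
SAMPLE_LOG is a constructed excerpt of the dump, version-info fields abbreviated."""
import re
from collections import defaultdict

SYSTEM32 = "c:/windows/system32"
# Assumption: the only ShellExecuteHooks entry on a clean XP is shell32's URL Exec Hook.
DEFAULT_SHELL_EXEC_HOOK = "{AEB6717E-7E19-11D0-97EE-00C04FD91972}"

SAMPLE_LOG = """\
C:/WINDOWS/Explorer.EXE * 1436 | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System
    c:/progra~1/wqjm/jdwz.dll | 2007-11-5 11:32:6 | stdstub | 5, 0, 1, 1
    c:/progra~1/wqjm/oibe.dll | 2007-11-5 11:32:6 | stdplay | 5, 0, 1, 1
    C:/WINDOWS/system32/sqmapi32.dll | 2007-11-6 15:21:22

C:/WINDOWS/System32/svchost.exe * 1820 | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System
    c:/progra~1/wqjm/gatw.dll | 2007-11-5 11:32:6 |   AdDm | 5, 0, 1, 1
    c:/progra~1/wqjm/jdwz.dll | 2007-11-5 11:32:6 | stdstub | 5, 0, 1, 1
    c:/progra~1/wqjm/oibe.dll | 2007-11-5 11:32:6 | stdplay | 5, 0, 1, 1
    C:/WINDOWS/system32/sqmapi32.dll | 2007-11-6 15:21:22

C:/WINDOWS/system32/winlogon.exe * 340 | 2004-8-17 12:0:0 | Microsoft(R) Windows(R) Operating System
    C:/WINDOWS/system32/sqmapi32.dll | 2007-11-6 15:21:22
    C:/WINDOWS/system32/qdshm.dll | 2007-11-6 14:51:6

C:/Program Files/Internet Explorer/IEXPLORE.EXE * 2260 | 2004-8-17 20:0:0 | Microsoft(R) Windows(R) Operating System
    c:/progra~1/wqjm/jdwz.dll | 2007-11-5 11:32:6 | stdstub | 5, 0, 1, 1
    c:/progra~1/wqjm/oibe.dll | 2007-11-5 11:32:6 | stdplay | 5, 0, 1, 1
    C:/WINDOWS/system32/a0b1.dll | 2007-10-29 10:3:36 | IEHpr Module | 1, 0, 0, 2

O23 - Service: bvor (Windows bvor RunThem) - C:/WINDOWS/System32/svchost.exe -k netsvcs -> C:/PROGRA~1/wqjm/gatw.dll | 2007-11-5 11:32:6 | AdDm(Auto)
O23 - Service: conime (conime) - C:/WINDOWS/System32/svchost.exe -k netsvcs -> C:/WINDOWS/system32/conime/conime.dll | 2007-11-5 11:22:4 | pc inetinfo(Auto)
O23 - Service: ms_2fax (ms_2fax) - C:/WINDOWS/system32/0b911.exe | 2007-10-25 9:29:58 | Microsoft(R) Windows(R) Operating System(Auto)
O23 - Service: wuauserv (Automatic Updates) - C:/WINDOWS/system32/drivers/svchost.exe | 2007-11-6 10:50:24(Auto)
O24 - ShlExecHook: [6] - {6D47B341-43DF-4563-753F-345FFA3157D6} = C:/WINDOWS/system32/kvmxfma.dll
O24 - ShlExecHook: [4] - {4598FF45-DA60-F48A-BC43-10AC47853D54} = C:/WINDOWS/system32/rarjdpi.dll
"""

PROC_RE = re.compile(r"^(?P<path>\S.*?) \* (?P<pid>\d+)\b")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>\S+) \((?P<display>[^)]*)\) - (?P<rest>.*)$")
HOOK_RE = re.compile(r"^O24 - ShlExecHook: \[\d+\] - (?P<clsid>\{[0-9A-Fa-f-]+\}) = (?P<path>.+)$")
STATE_RE = re.compile(r"\((?:Auto|System|Manual|Disabled)\)\s*$")   # trailing start type

def _dirname(path):
    return path.rsplit("/", 1)[0] if "/" in path else ""

def module_frequency(log):
    """Map each loaded module path (lower-cased) to the set of PIDs it appears in."""
    loaded, pid = defaultdict(set), None
    for line in log.splitlines():
        m = PROC_RE.match(line)
        if m:                                          # process header "PATH * PID | ..."
            pid = m.group("pid")
        elif line[:1].isspace() and pid is not None:   # indented: module of that process
            loaded[line.split(" | ")[0].strip().lower()].add(pid)
        else:                                          # blank or O2x line ends the block
            pid = None
    return loaded

def widely_loaded(loaded, min_processes=3):
    """Modules found in at least min_processes distinct processes: injection candidates."""
    return sorted((p, len(pids)) for p, pids in loaded.items() if len(pids) >= min_processes)

def parse_services(log):
    """O23 lines -> dicts with name, image path, svchost group (-k) and ServiceDll."""
    services = []
    for line in log.splitlines():
        m = SVC_RE.match(line)
        if not m:
            continue
        image_part, _, dll_part = STATE_RE.sub("", m.group("rest")).partition(" -> ")
        image, _, group = image_part.split(" | ")[0].strip().partition(" -k ")
        services.append({"name": m.group("name"), "image": image.strip().lower(),
                         "group": group.strip() or None,
                         "dll": dll_part.split(" | ")[0].strip().lower() or None})
    return services

def suspicious_services(services):
    """(service, reason) for an svchost.exe or ServiceDll path outside System32."""
    findings = []
    for s in services:
        if s["image"].endswith("/svchost.exe") and _dirname(s["image"]) != SYSTEM32:
            findings.append((s["name"], "svchost.exe outside System32: " + s["image"]))
        if s["dll"] and _dirname(s["dll"]) != SYSTEM32:
            findings.append((s["name"], "ServiceDll outside System32: " + s["dll"]))
    return findings

def unexpected_shell_exec_hooks(log):
    """(CLSID, DLL path) for every ShellExecuteHooks entry other than the stock one."""
    return [(m.group("clsid").upper(), m.group("path").strip().lower())
            for m in map(HOOK_RE.match, log.splitlines())
            if m and m.group("clsid").upper() != DEFAULT_SHELL_EXEC_HOOK]

if __name__ == "__main__":
    print(widely_loaded(module_frequency(SAMPLE_LOG)))
    print(suspicious_services(parse_services(SAMPLE_LOG)))
    print(unexpected_shell_exec_hooks(SAMPLE_LOG))
```

On the excerpt this reports jdwz.dll, oibe.dll and sqmapi32.dll as present in three processes each, bvor and conime as netsvcs services whose DLL lives in C:/PROGRA~1/wqjm and in a system32 subdirectory respectively, wuauserv pointing at drivers/svchost.exe, and both ShellExecuteHooks. Entries such as ms_2fax and Provisioning, whose binaries sit directly in System32 under invented names, are not caught by path rules; those still need their version info (0b911.exe claims Microsoft as company but Zhongsou in its copyright) and file hashes checked by hand.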