Rising Kaka Security Forum
salthw - 2006-10-5 23:49:00
Logfile of HijackThis v1.99.1
Scan saved at 23:30:54, on 2006-10-5
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM303_STI.EXE
D:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
c:\windows\system32\wbem\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\106\LOCALS~1\Temp\Rar$EX00.926\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: netup - {0A44CDEC-87D0-4D4D-BF97-DE9AFB9B104A} - C:\WINDOWS\system32\netiup.dll
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_5026.dll (file missing)
O2 - BHO: SYM - {36BF6929-DCBC-4CCD-A620-C5E3BBA77B95} - C:\WINDOWS\system32\usersrd.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - d:\Program Files\Xi\NetXfer\NXIEHelper.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - d:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [KAVPersonal50] "d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMSCMIG40W] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgswitch] C:\WINDOWS\system32\bgswitch.exe
O4 - HKCU\..\Run: [MyShares] c:\program Files\忆多多\MyShares.exe /tray
O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm
O8 - Extra context menu item: 使用网络传送带下载 - D:\Program Files\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: 使用网络传送带下载全部链接 - D:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - d:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra 'Tools' menuitem: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra button: 鱼鱼软件 - {6096E38F-5AC3-4391-8EC4-75DFA92FB32F} - http://www.cfishsoft.com (file missing)
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BD1702D-323A-41EA-AAD6-8CBC54540885}: NameServer = 202.198.16.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BD1702D-323A-41EA-AAD6-8CBC54540885}: NameServer = 202.198.16.3
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - d:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
salthw - 2006-10-6 0:16:00
2006-10-06,00:06:39
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<bgswitch><C:\WINDOWS\system32\bgswitch.exe> [N/A]
<MyShares><c:\program Files\忆多多\MyShares.exe /tray> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<KAVPersonal50><"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize> [Kaspersky Lab]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<IMSCMIG40W><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log> [Microsoft Corporation]
<BigDog303><C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)> [N/A]
<!ewido><"D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized> [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><d:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll> [Anti-Malware Development a.s.]
salthw - 2006-10-6 0:17:00
==================================
启动文件夹
N/A
==================================
服务
[ASP.NET Work State Service / aspwstate]
<C:\WINDOWS\System32\svchost.exe -k aspwstate-->c:\windows\system32\aspwswin.dll><Microsoft Corporation>
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard]
<d:\Program Files\ewido anti-spyware 4.0\guard.exe><Anti-Malware Development a.s.>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[JMediaService / JMediaService]
<C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service><Microsoft Corporation>
[kavsvc / kavsvc]
<"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"><Kaspersky Lab>
[NetFrame Wireless Configuration / NFSWZCSVC]
<C:\WINDOWS\System32\svchost.exe -k NFSWZCSVC-->c:\windows\system32\nfswzwin32.dll><Microsoft Corporation>
[P4P Service / P4P Service]
<C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
==================================
驱动程序
[Albus / Albus]
<\SystemRoot\system32\drivers\Albus.SYS><N/A>
[标准 IDE/ESDI 硬盘控制器 / atapi]
<\SystemRoot\system32\DRIVERS\atapi.sys><N/A>
[d346bus / d346bus]
<\SystemRoot\system32\DRIVERS\d346bus.sys><>
[d346prt / d346prt]
<\SystemRoot\System32\Drivers\d346prt.sys><>
[ewido anti-spyware 4.0 driver / ewido anti-spyware 4.0 driver]
<\??\d:\Program Files\ewido anti-spyware 4.0\guard.sys><N/A>
[Kl1 / Kl1]
<\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
[Klif / Klif]
<System32\drivers\klif.sys><Kaspersky Labs>
[Klmc / Klmc]
<System32\drivers\klmc.sys><Kaspersky Lab>
[npkcrypt / npkcrypt]
<\??\D:\Program Files\Tencent\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[ProcServ / ProcServ]
<\??\C:\WINDOWS\system32\drivers\ProcServ.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp]
<system32\DRIVERS\Rtnicxp.sys><N/A>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[TSP / TSP]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Labs>
[ViaIde / ViaIde]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[VIA AC'97 Audio Controller (WDM) / VIAudio]
<system32\drivers\ac97via.sys><VIA Technologies, Inc.>
salthw - 2006-10-6 0:17:00
==================================
浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[netup]
{0A44CDEC-87D0-4D4D-BF97-DE9AFB9B104A} <C:\WINDOWS\system32\netiup.dll, >
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_5026.dll, N/A>
[SYM]
{36BF6929-DCBC-4CCD-A620-C5E3BBA77B95} <C:\WINDOWS\system32\usersrd.dll, >
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <d:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Vision]
{6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[NXIECatcher Class]
{83B80A9C-D91A-4F22-8DCF-EA7204039F79} <d:\Program Files\Xi\NetXfer\NXIEHelper.dll, Xi>
[番茄花园]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[鱼鱼软件]
{6096E38F-5AC3-4391-8EC4-75DFA92FB32F} <http://www.cfishsoft.com, N/A>
[MMSAssistMenu]
{6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <d:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[NetXfer]
{C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} <d:\Program Files\Xi\NetXfer\NXToolBar.dll, Xi>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[netup]
{0A44CDEC-87D0-4D4D-BF97-DE9AFB9B104A} <C:\WINDOWS\system32\netiup.dll, >
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_5026.dll, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[SYM]
{36BF6929-DCBC-4CCD-A620-C5E3BBA77B95} <C:\WINDOWS\system32\usersrd.dll, >
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <d:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Vision]
{6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[NXIECatcher Class]
{83B80A9C-D91A-4F22-8DCF-EA7204039F79} <d:\Program Files\Xi\NetXfer\NXIEHelper.dll, Xi>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[NetXfer]
{C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} <d:\Program Files\Xi\NetXfer\NXToolBar.dll, Xi>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash85.ocx, Macromedia, Inc.>
[>>彩信发送<<]
<res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm, N/A>
[使用网络传送带下载]
<D:\Program Files\Xi\NetXfer\NXAddLink.html, N/A>
[使用网络传送带下载全部链接]
<D:\Program Files\Xi\NetXfer\NXAddList.html, N/A>
[导出到 Microsoft Excel(&x)]
<res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<d:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
salthw - 2006-10-6 0:18:00
==================================
正在运行的进程
[PID: 504][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 552][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 576][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 620][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 632][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 788][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 848][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 940][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1016][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1052][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1224][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1472][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1524][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\MMSASS~1\MMSSVER.DLL] [, 1, 2, 0, 6]
[PID: 1648][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll] [Anti-Malware Development a.s., 4, 0, 0, 172]
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\WINDOWS\system32\usersrd.dll] [, 1, 0, 0, 1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] [Kaspersky Lab, 5.0.1.18]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] [Kaspersky Lab, 5.0.383.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll] [Kaspersky Lab, 5.0.383.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] [Kaspersky Lab, 5.0.383.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll] [Kaspersky Lab, 5.0.383.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll] [Kaspersky Lab, 5.0.383.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] [Kaspersky Lab, 5.0.383.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll] [Kaspersky Lab, 5.0.383.2]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] [Kaspersky Lab, 5.0.383.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll] [Kaspersky Lab, 5.0.383.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] [Kaspersky Lab, 5.0.383.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl] [Kaspersky Lab, 5.0.383.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl] [Kaspersky Lab, 5.0.383.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl] [Kaspersky Lab, 5.0.383.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\tempfile.ppl] [Kaspersky Lab, 5.0.383.0]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\shellex.dll] [Kaspersky Lab, 5.0.383.1]
[d:\Program Files\ewido anti-spyware 4.0\context.dll] [Anti-Malware Development a.s., 4, 0, 0, 172]
[C:\PROGRA~1\MMSASS~1\mmsass~1.dll] [, 1, 2, 0, 6]
[D:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRdIF.dll] [Adobe Systems Incorporated, 7, 0, 5, 0]
[D:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.dll] [Adobe Systems Incorporated, 7.0.8.2006051600]
[D:\Program Files\Adobe\Acrobat 7.0\Reader\AGM.dll] [Adobe Systems Incorporated, 4.14.45]
[D:\Program Files\Adobe\Acrobat 7.0\Reader\CoolType.dll] [Adobe Systems Incorporated, 5.01.41]
[D:\Program Files\Adobe\Acrobat 7.0\Reader\BIB.dll] [Adobe Systems Incorporated, 1.1.18]
[D:\Program Files\Adobe\Acrobat 7.0\Reader\ACE.dll] [Adobe Systems Incorporated, 2.07.28]
[D:\Program Files\Adobe\Acrobat 7.0\Reader\JP2KLib.dll] [Adobe Systems Incorporated, 1.0.41402]
[D:\Program Files\Adobe\Acrobat 7.0\Reader\AXE16SharedExpat.dll] [Adobe Systems Incorporated, 3.2.402]
[PID: 1676][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1792][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1856][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1380][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3292]
[PID: 1616][C:\WINDOWS\VM303_STI.EXE] [Vimicro, 4, 2, 1124, 6]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[C:\WINDOWS\system32\VM303Prp.Ax] [Vimicro, 1.00.01.00]
[PID: 1840][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2140][D:\Program Files\ewido anti-spyware 4.0\ewido.exe] [Anti-Malware Development a.s., 4, 0, 0, 172]
[D:\Program Files\ewido anti-spyware 4.0\engine.dll] [Anti-Malware Development a.s., 4, 0, 0, 172]
[PID: 2440][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 876][c:\windows\system32\wbem\winlogon.exe] [Microsoft, 1.0.0.0]
[PID: 1036][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\netiup.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\usersrd.dll] [, 1, 0, 0, 1]
[C:\PROGRA~1\MMSASS~1\mmsass~1.dll] [, 1, 2, 0, 6]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] [Kaspersky Lab, 5.0.1.18]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] [Kaspersky Lab, 5.0.383.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll] [Kaspersky Lab, 5.0.383.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] [Kaspersky Lab, 5.0.383.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll] [Kaspersky Lab, 5.0.383.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll] [Kaspersky Lab, 5.0.383.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] [Kaspersky Lab, 5.0.383.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll] [Kaspersky Lab, 5.0.383.2]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] [Kaspersky Lab, 5.0.383.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll] [Kaspersky Lab, 5.0.383.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] [Kaspersky Lab, 5.0.383.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl] [Kaspersky Lab, 5.0.383.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl] [Kaspersky Lab, 5.0.383.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl] [Kaspersky Lab, 5.0.383.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\tempfile.ppl] [Kaspersky Lab, 5.0.383.0]
[C:\WINDOWS\system32\macromed\flash\Flash85.ocx] [Macromedia, Inc., 8,5,0,133]
[PID: 2284][C:\Documents and Settings\106\桌面\sreng2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
我无邪 - 2006-10-6 0:30:00
c:\windows\system32\wbem\winlogon.exe
See the following thread:
http://forum.ikaka.com/topic.asp?board=67&artid=8185007
我无邪 - 2006-10-6 0:30:00
OP, after making the repairs described in the thread above, reboot.
Then run another scan and paste the log here.
salthw - 2006-10-6 12:45:00
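To 我无邪: I can't thank you enough! I went through the repairs in your thread one by one and ran into the following problems:
1. Open System Repair Engineer (that is, your log-scanning software SREng.exe), click "Startup Items", "Services", click "Win32 Service Applications", check "Hide Microsoft services", select the virus services ASP.NET Work State Service, NetFrame Wireless Configuration, choose "Delete Service", click "Set", choose "No", and finally reboot. (Each comma-separated item is one virus service; please delete them one by one.)
<Human Interface Device Access/hidServ Stopped/disable: does this one need to be deleted?>
2. Open System Repair Engineer (that is, your log-scanning software SREng.exe), click "Startup Items", "Services", click "Drivers", check "Hide verified Microsoft services", select the virus service Albus, choose "Delete Service", click "Set", choose "No" <ALBUS service not found>
3. Close all browser windows and any unnecessary programs
Open System Repair Engineer (that is, your log-scanning software SREng.exe), and use "System Repair", "Browser Add-ons" to delete the following entries.
c:\WINDOWS\system32\sys32dev.dll <not found>
C:\WINDOWS\system32\usercrd.dll <not found> <usersrd.dll is present>
C:\WINDOWS\system32\IEHelper.dll <not found>
Delete (items 2 and 3 are the critical ones; these two must be deleted)
c:\windows\system32\acss.dll <not found>
C:\WINDOWS\system32\sdmAgent22.dll <not found>
C:\WINDOWS\system32\sys32dev.dll <not found>
C:\WINDOWS\system32\usercrd.dll <not found>
c:\windows\system32\wbem\winlogon.exe <not found>
C:\WINDOWS\System32\STDSVER.DLL <not found>
4. Delete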
59.34.148.98 www.hao123.com
59.34.148.98 www.4199.com
59.34.148.98 www.9505.com
59.34.148.98 www.7322.com
218.5.76.175 www.huoche.com.cn <none of these were found>
salthw - 2006-10-6 12:53:00
Web pages no longer pop up for now, but I still see winlogon.exe in the process list.
2006-10-06,12:44:23
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<bgswitch><C:\WINDOWS\system32\bgswitch.exe> [N/A]
<MyShares><c:\program Files\忆多多\MyShares.exe /tray> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<KAVPersonal50><"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize> [Kaspersky Lab]
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<IMSCMIG40W><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log> [Microsoft Corporation]
<BigDog303><C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)> [N/A]
<!ewido><"D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized> [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
salthw - 2006-10-6 12:54:00
==================================
启动文件夹
N/A
==================================
服务
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard]
<d:\Program Files\ewido anti-spyware 4.0\guard.exe><Anti-Malware Development a.s.>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[kavsvc / kavsvc]
<"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"><Kaspersky Lab>
==================================
驱动程序
[标准 IDE/ESDI 硬盘控制器 / atapi]
<\SystemRoot\system32\DRIVERS\atapi.sys><N/A>
[d346bus / d346bus]
<\SystemRoot\system32\DRIVERS\d346bus.sys><>
[d346prt / d346prt]
<\SystemRoot\System32\Drivers\d346prt.sys><>
[ewido anti-spyware 4.0 driver / ewido anti-spyware 4.0 driver]
<\??\d:\Program Files\ewido anti-spyware 4.0\guard.sys><N/A>
[Kl1 / Kl1]
<\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
[Klif / Klif]
<System32\drivers\klif.sys><Kaspersky Labs>
[Klmc / Klmc]
<System32\drivers\klmc.sys><Kaspersky Lab>
[npkcrypt / npkcrypt]
<\??\D:\Program Files\Tencent\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[ProcServ / ProcServ]
<\??\C:\WINDOWS\system32\drivers\ProcServ.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp]
<system32\DRIVERS\Rtnicxp.sys><N/A>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[TSP / TSP]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Labs>
[ViaIde / ViaIde]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[VIA AC'97 Audio Controller (WDM) / VIAudio]
<system32\drivers\ac97via.sys><VIA Technologies, Inc.>
[World Standard Teletext Codec / WSTCODEC]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[XPROTECTOR / XPROTECTOR]
<\??\C:\WINDOWS\system32\drivers\Xprotector.sys><N/A>
[VIMICRO USB PC Camera (ZC0301PLH) / ZSMC303]
<System32\Drivers\usbVM303.sys><VM>
salthw - 2006-10-6 12:55:00
==================================
浏览器加载项
[netup]
{0A44CDEC-87D0-4D4D-BF97-DE9AFB9B104A} <C:\WINDOWS\system32\netiup.dll, >
[SYM]
{36BF6929-DCBC-4CCD-A620-C5E3BBA77B95} <C:\WINDOWS\system32\usersrd.dll, >
[番茄花园]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[鱼鱼软件]
{6096E38F-5AC3-4391-8EC4-75DFA92FB32F} <http://www.cfishsoft.com, N/A>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <d:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[NetXfer]
{C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} <d:\Program Files\Xi\NetXfer\NXToolBar.dll, Xi>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, N/A>
[netup]
{0A44CDEC-87D0-4D4D-BF97-DE9AFB9B104A} <C:\WINDOWS\system32\netiup.dll, >
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[SYM]
{36BF6929-DCBC-4CCD-A620-C5E3BBA77B95} <C:\WINDOWS\system32\usersrd.dll, >
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <d:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[NXIECatcher Class]
{83B80A9C-D91A-4F22-8DCF-EA7204039F79} <d:\Program Files\Xi\NetXfer\NXIEHelper.dll, N/A>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NetXfer]
{C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} <d:\Program Files\Xi\NetXfer\NXToolBar.dll, Xi>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash85.ocx, Macromedia, Inc.>
[导出到 Microsoft Excel(&x)]
<res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<d:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
salthw - 2006-10-6 12:56:00
==================================
正在运行的进程
[PID: 504][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 556][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 580][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 624][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 636][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 796][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 872][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 936][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1004][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1056][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1244][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1584][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\WINDOWS\system32\usersrd.dll] [, 1, 0, 0, 1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] [Kaspersky Lab, 5.0.1.18]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] [Kaspersky Lab, 5.0.383.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll] [Kaspersky Lab, 5.0.383.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] [Kaspersky Lab, 5.0.383.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll] [Kaspersky Lab, 5.0.383.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll] [Kaspersky Lab, 5.0.383.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] [Kaspersky Lab, 5.0.383.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll] [Kaspersky Lab, 5.0.383.2]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] [Kaspersky Lab, 5.0.383.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll] [Kaspersky Lab, 5.0.383.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] [Kaspersky Lab, 5.0.383.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl] [Kaspersky Lab, 5.0.383.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl] [Kaspersky Lab, 5.0.383.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl] [Kaspersky Lab, 5.0.383.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\tempfile.ppl] [Kaspersky Lab, 5.0.383.0]
[PID: 1656][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 348][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 392][C:\WINDOWS\VM303_STI.EXE] [Vimicro, 4, 2, 1124, 6]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[C:\WINDOWS\system32\VM303Prp.Ax] [Vimicro, 1.00.01.00]
[PID: 1544][D:\Program Files\ewido anti-spyware 4.0\ewido.exe] [Anti-Malware Development a.s., 4, 0, 0, 172]
[D:\Program Files\ewido anti-spyware 4.0\engine.dll] [Anti-Malware Development a.s., 4, 0, 0, 172]
[PID: 852][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 868][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2764][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\netiup.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\usersrd.dll] [, 1, 0, 0, 1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] [Kaspersky Lab, 5.0.1.18]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] [Kaspersky Lab, 5.0.383.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll] [Kaspersky Lab, 5.0.383.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] [Kaspersky Lab, 5.0.383.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll] [Kaspersky Lab, 5.0.383.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll] [Kaspersky Lab, 5.0.383.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] [Kaspersky Lab, 5.0.383.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll] [Kaspersky Lab, 5.0.383.2]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] [Kaspersky Lab, 5.0.383.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll] [Kaspersky Lab, 5.0.383.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] [Kaspersky Lab, 5.0.383.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl] [Kaspersky Lab, 5.0.383.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl] [Kaspersky Lab, 5.0.383.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl] [Kaspersky Lab, 5.0.383.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\tempfile.ppl] [Kaspersky Lab, 5.0.383.0]
[C:\WINDOWS\system32\macromed\flash\Flash85.ocx] [Macromedia, Inc., 8,5,0,133]
[C:\WINDOWS\system32\WINABCX.IME] [PKUETI, 5.22.216]
[PID: 2600][C:\Program Files\WinRAR\WinRAR.exe] [N/A, N/A]
[PID: 2516][C:\DOCUME~1\106\LOCALS~1\Temp\Rar$EX00.267\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
我无邪 - 2006-10-6 20:01:00
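Very good, let's strengthen it a bit more.
Close all browser windows and any unnecessary programs.
Open System Repair Engineer (that is, SREng.exe, the tool you used for the scan log) and use "System Repair, Browser Add-ons" (系统修复, 浏览器加载项) to delete the following items:
C:\WINDOWS\system32\netiup.dll
C:\WINDOWS\system32\usersrd.dll
Open System Repair Engineer (that is, SREng.exe, the tool you used for the scan log), click "Startup Items" (启动项目), then "Services" (服务), then "Drivers" (驱动程序), tick "Hide verified Microsoft services" (隐藏已认证的微软服务), select the virus service ProcServ, choose "Delete service" (删除服务), click "Set" (设置), and choose "No" (否).
Open System Repair Engineer (that is, SREng.exe, the tool you used for the scan log) and use "Startup Items, Registry" (启动项目, 注册表) to delete the following item:
c:\program Files\忆多多\MyShares.exe
Delete
c:\program Files\忆多多
Go to www.27814939.ys168.com, click "My Software" (我的软件), and download KillBox.exe.
Restart the computer; once the power-on self-test finishes, press [F8] (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.
Double-click KillBox.exe to open it and delete each of the following:
C:\WINDOWS\system32\drivers\ProcServ.sys
C:\WINDOWS\system32\netiup.dll
C:\WINDOWS\system32\usersrd.dll
(When deleting, tick "End the Explorer.EXE process before deleting"; if that does not work, try also ticking "Unregister this file before deleting the DLL file".)
Something for beginners: tips for using KillBox
http://forum.ikaka.com/topic.asp?board=28&artid=8160799
If anything is still abnormal, please run another scan and paste the log here.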
salthw - 2006-10-6 22:38:00
To: 我无邪 Thank you so much, you really are a good person! Happy Mid-Autumn Festival!
salthw - 2006-10-7 0:31:00
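To: 我无邪 Following your guidance, I strengthened it a bit more.
Open System Repair Engineer (that is, SREng.exe, the tool you used for the scan log), click "Startup Items" (启动项目), then "Services" (服务), then "Drivers" (驱动程序), tick "Hide verified Microsoft services" (隐藏已认证的微软服务), select the virus service ProcServ, choose "Delete service" (删除服务), click "Set" (设置), and choose "No" (否). <The virus service ProcServ still exists> <However,
C:\WINDOWS\system32\drivers\ProcServ.sys
C:\WINDOWS\system32\netiup.dll
C:\WINDOWS\system32\usersrd.dll were all deleted after using the file-replacement function of KillBox.exe>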
salthw - 2006-10-7 0:34:00
2006-10-07,00:21:26 Scanned once more
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<bgswitch><C:\WINDOWS\system32\bgswitch.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<IMSCMIG40W><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log> [Microsoft Corporation]
<BigDog303><C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)> [N/A]
<!ewido><"D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized> [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
==================================
启动文件夹
N/A
==================================
服务
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard]
<d:\Program Files\ewido anti-spyware 4.0\guard.exe><Anti-Malware Development a.s.>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[kavsvc / kavsvc]
<"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"><Kaspersky Lab>
[P4P Service / P4P Service]
<C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
==================================
驱动程序
[标准 IDE/ESDI 硬盘控制器 / atapi]
<\SystemRoot\system32\DRIVERS\atapi.sys><N/A>
[d346bus / d346bus]
<\SystemRoot\system32\DRIVERS\d346bus.sys><>
[d346prt / d346prt]
<\SystemRoot\System32\Drivers\d346prt.sys><>
[ewido anti-spyware 4.0 driver / ewido anti-spyware 4.0 driver]
<\??\d:\Program Files\ewido anti-spyware 4.0\guard.sys><N/A>
[Kl1 / Kl1]
<\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
[Klif / Klif]
<System32\drivers\klif.sys><Kaspersky Labs>
[Klmc / Klmc]
<System32\drivers\klmc.sys><Kaspersky Lab>
[npkcrypt / npkcrypt]
<\??\D:\Program Files\Tencent\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[ProcServ / ProcServ]
<\??\C:\WINDOWS\system32\drivers\ProcServ.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp]
<system32\DRIVERS\Rtnicxp.sys><N/A>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[TSP / TSP]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Labs>
[ViaIde / ViaIde]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[VIA AC'97 Audio Controller (WDM) / VIAudio]
<system32\drivers\ac97via.sys><VIA Technologies, Inc.>
[World Standard Teletext Codec / WSTCODEC]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[XPROTECTOR / XPROTECTOR]
<\??\C:\WINDOWS\system32\drivers\Xprotector.sys><N/A>
[VIMICRO USB PC Camera (ZC0301PLH) / ZSMC303]
<System32\Drivers\usbVM303.sys><VM>
salthw - 2006-10-7 0:35:00
==================================
浏览器加载项
[番茄花园]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[鱼鱼软件]
{6096E38F-5AC3-4391-8EC4-75DFA92FB32F} <http://www.cfishsoft.com, N/A>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <d:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[NetXfer]
{C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} <d:\Program Files\Xi\NetXfer\NXToolBar.dll, Xi>
[MMCPlayer Class]
{05C1004E-2596-48E5-8E26-39362985EEB9} <d:\Program Files\feidianTV\MMCShell.dll, Sohu.com Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <d:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[NXIECatcher Class]
{83B80A9C-D91A-4F22-8DCF-EA7204039F79} <d:\Program Files\Xi\NetXfer\NXIEHelper.dll, N/A>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NetXfer]
{C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} <d:\Program Files\Xi\NetXfer\NXToolBar.dll, Xi>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash85.ocx, Macromedia, Inc.>
[导出到 Microsoft Excel(&x)]
<res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<d:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
==================================
正在运行的进程
[PID: 504][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 552][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 576][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 620][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 632][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 792][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 852][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 944][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1012][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1092][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1240][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1584][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\shellex.dll] [Kaspersky Lab, 5.0.383.1]
[d:\Program Files\ewido anti-spyware 4.0\context.dll] [Anti-Malware Development a.s., 4, 0, 0, 172]
[PID: 1620][C:\Program Files\Common Files\Sogou PXP\p2psvr.exe] [Sohu.com Inc., 2, 0, 0, 24]
[C:\Program Files\Sogou PXP\vodsvr.dll] [Sohu.com Inc., 2, 0, 0, 21]
[C:\Program Files\Sogou PXP\pxpnet.dll] [Sohu.com Inc., 1, 0, 0, 3]
[C:\Program Files\Sogou PXP\p2pclient.dll] [Sohu.com Inc., 1, 0, 0, 6]
[PID: 1680][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 920][C:\WINDOWS\VM303_STI.EXE] [Vimicro, 4, 2, 1124, 6]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[C:\WINDOWS\system32\VM303Prp.Ax] [Vimicro, 1.00.01.00]
[PID: 928][D:\Program Files\ewido anti-spyware 4.0\ewido.exe] [Anti-Malware Development a.s., 4, 0, 0, 172]
[D:\Program Files\ewido anti-spyware 4.0\engine.dll] [Anti-Malware Development a.s., 4, 0, 0, 172]
[PID: 972][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1144][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2372][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2916][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] [Kaspersky Lab, 5.0.1.18]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] [Kaspersky Lab, 5.0.383.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll] [Kaspersky Lab, 5.0.383.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] [Kaspersky Lab, 5.0.383.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll] [Kaspersky Lab, 5.0.383.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll] [Kaspersky Lab, 5.0.383.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] [Kaspersky Lab, 5.0.383.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll] [Kaspersky Lab, 5.0.383.2]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] [Kaspersky Lab, 5.0.383.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll] [Kaspersky Lab, 5.0.383.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] [Kaspersky Lab, 5.0.383.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl] [Kaspersky Lab, 5.0.383.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl] [Kaspersky Lab, 5.0.383.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl] [Kaspersky Lab, 5.0.383.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\tempfile.ppl] [Kaspersky Lab, 5.0.383.0]
[C:\WINDOWS\system32\macromed\flash\Flash85.ocx] [Macromedia, Inc., 8,5,0,133]
[C:\WINDOWS\system32\WINABCX.IME] [PKUETI, 5.22.216]
[PID: 3784][C:\DOCUME~1\106\LOCALS~1\Temp\Rar$EX00.897\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[PID: 4004][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] [Kaspersky Lab, 5.0.1.18]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] [Kaspersky Lab, 5.0.383.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll] [Kaspersky Lab, 5.0.383.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] [Kaspersky Lab, 5.0.383.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll] [Kaspersky Lab, 5.0.383.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll] [Kaspersky Lab, 5.0.383.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] [Kaspersky Lab, 5.0.383.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll] [Kaspersky Lab, 5.0.383.2]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] [Kaspersky Lab, 5.0.383.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll] [Kaspersky Lab, 5.0.383.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] [Kaspersky Lab, 5.0.383.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl] [Kaspersky Lab, 5.0.383.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl] [Kaspersky Lab, 5.0.383.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl] [Kaspersky Lab, 5.0.383.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\tempfile.ppl] [Kaspersky Lab, 5.0.383.0]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================