瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » 3448.com,中毒了,怎么也删不了,帮我看看(有扫描日记)
aadddd - 2006-11-15 22:03:00
中了www.3448.com,重装了也没有用哦,用黄山ie ,一点就关机,360也一样,都是一点就关机了。
安全模式也进不去,进去就蓝屏
aadddd - 2006-11-15 22:04:00

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Corporation]
    <swg><C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe>  [(Verified)Google Inc.]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><(无)>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Kingsoft Personal Firewall Service / KPfwSvc]
  <"C:\KAV2007\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc]
  <C:\KAV2007\KWatch.EXE><Kingsoft Corporation>
[NVIDIA Driver Helper Service / NVSvc]
  <C:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>
[Portable Media Serial Number Service / WmdmPmSN]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[Service for Avance AC'97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[HelloNet PPPoE 虚拟网卡 / BRPPPOE]
  <system32\DRIVERS\brpppoe.sys><N/A>
[Cdr4_2K / Cdr4_2K]
  <C:\WINNT\SYSTEM32\DRIVERS\Cdr4_2K.SYS><Roxio>
[Cdralw2k / Cdralw2k]
  <C:\WINNT\SYSTEM32\DRIVERS\Cdralw2k.SYS><Roxio>
[dmboot / dmboot]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[KNetWch / KNetWch]
  <\??\C:\KAV2007\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3]
  <\??\C:\WINNT\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[CHINAWAN EN1000TX 100/10M Ethernet PCI Adapter / MTD80X]
  <system32\DRIVERS\FEAND5.SYS><>
[npkcrypt / npkcrypt]
  <\??\D:\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>

==================================
浏览器加载项
[CBrowseStakeout Class]
  {55302805-482E-470E-8A57-6795A1487F90} <C:\KAV2007\KAVAFish.DLL, Kingsoft Corporation>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[百万图库]
  {6713E8D2-850A-101B-AFC0-4210102A8DA7} <http://www.26-3.com/p, N/A>
[铃声图片下载]
  {7713E8D2-850A-101B-AFC0-4210102A8DA7} <http://www.26-3.com/sms/index.htm, N/A>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[上传到QQ网络硬盘]
  <D:\qq\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <C:\PROGRA~1\FLASHGET\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\PROGRA~1\FLASHGET\jc_all.htm, N/A>
[添加到QQ自定义面板]
  <D:\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\qq\SendMMS.htm, N/A>
[金山毒霸反钓鱼...]
  <C:\KAV2007\KAF\ShowSet.htm, N/A>

==================================
aadddd - 2006-11-15 22:04:00
正在运行的进程
[PID: 140][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 164][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 184][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6714]
[PID: 212][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.6700]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 224][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.6695]
[PID: 404][C:\KAV2007\KWatch.EXE]  [Kingsoft Corporation, 2005, 9, 27, 51]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2006, 5, 30, 59]
    [C:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 5, 17, 14]
    [C:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corp., 2006, 7, 27, 59]
[PID: 432][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 476][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.6659]
[PID: 512][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 528][C:\KAV2007\KPfwSvc.EXE]  [Kingsoft Corporation, 2005, 9, 5, 28]
[PID: 560][C:\WINNT\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.4467]
[PID: 636][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 568][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6704]
[PID: 296][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 764][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 876][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\z7fnv.dll]  [N/A, N/A]
    [C:\WINNT\system32\drivers\nmprt.sys]  [N/A, N/A]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\KAV2007\KAVEXT.DLL]  [Kingsoft Corporation, 2005, 8, 5, 16]
    [D:\qq\qdshm.dll]  [, 1, 0, 101, 20]
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\KAV2007\KAScript.DLL]  [Kingsoft Corporation, 2006, 2, 10, 60]
    [C:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2006, 5, 30, 59]
    [C:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 5, 17, 14]
    [C:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corp., 2006, 7, 27, 59]
[PID: 948][C:\WINNT\system32\rundll32.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\z7fnv.dll]  [N/A, N/A]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\WINNT\system32\drivers\nmprt.sys]  [N/A, N/A]
[PID: 976][C:\KAV2007\KAVStart.exe]  [Kingsoft Corporation, 2006, 9, 7, 210]
    [C:\WINNT\system32\z7fnv.dll]  [N/A, N/A]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\KAV2007\SvcTimer.DLL]  [Kingsoft Corporation, 2006.7.24.80]
    [C:\WINNT\system32\drivers\nmprt.sys]  [N/A, N/A]
    [C:\KAV2007\KAVPassp.dll]  [Kingsoft Corporation, 2006, 9, 7, 270]
    [C:\KAV2007\PopSprt3.dll]  [Kingsoft Corporation, 2006, 8, 7, 38]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
[PID: 1008][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINNT\system32\z7fnv.dll]  [N/A, N/A]
    [C:\WINNT\system32\drivers\nmprt.sys]  [N/A, N/A]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1024][C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe]  [Google Inc., 1, 2, 908, 5008]
    [C:\WINNT\system32\z7fnv.dll]  [N/A, N/A]
    [C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\res_zh-CN.dll]  [Google Inc., 1, 2, 908, 5008]
    [C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\swg.dll]  [Google Inc., 1, 2, 908, 5008]
    [C:\WINNT\system32\drivers\nmprt.sys]  [N/A, N/A]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1056][C:\WINNT\system32\y.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\drivers\nmprt.sys]  [N/A, N/A]
    [C:\WINNT\system32\z7fnv.dll]  [N/A, N/A]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1064][C:\KAV2007\KPFW32.EXE]  [Kingsoft Corporation, 2006, 9, 7, 656]
    [C:\WINNT\system32\drivers\nmprt.sys]  [N/A, N/A]
    [C:\WINNT\system32\z7fnv.dll]  [N/A, N/A]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\KAV2007\KAConfig.DLL]  [Kingsoft Corporation, 2006, 8, 23, 38]
    [C:\KAV2007\FiltList.dll]  [N/A, N/A]
    [C:\KAV2007\KAVPassp.DLL]  [Kingsoft Corporation, 2006, 9, 7, 270]
    [C:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2006, 5, 30, 59]
    [C:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 5, 17, 14]
    [C:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corp., 2006, 7, 27, 59]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
[PID: 596][C:\KAV2007\KMailMon.EXE]  [Kingsoft Corporation, 2006, 9, 7, 918]
    [C:\KAV2007\KAntiSpm.dll]  [Kingsoft Corporation, 2006, 8, 19, 104]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\WINNT\system32\drivers\nmprt.sys]  [N/A, N/A]
    [C:\WINNT\system32\z7fnv.dll]  [N/A, N/A]
    [C:\KAV2007\KAECall2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 7]
    [C:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2006, 5, 30, 59]
    [C:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 5, 17, 14]
    [C:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corp., 2006, 7, 27, 59]
    [C:\KAV2007\KAConfig.DLL]  [Kingsoft Corporation, 2006, 8, 23, 38]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
[PID: 1280][C:\Program Files\HelloNet\HNMainUI.exe]  [N/A, 2, 3, 0, 1]
    [C:\Program Files\HelloNet\HNKernel.dll]  [HelloNet, 2.2.0.1]
    [C:\Program Files\HelloNet\HNUtils.dll]  [N/A, 2, 2, 0, 1]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\WINNT\system32\drivers\nmprt.sys]  [N/A, N/A]
    [C:\WINNT\system32\z7fnv.dll]  [N/A, N/A]
    [C:\Program Files\HelloNet\HNRes_0804.dll]  [N/A, 2, 2, 0, 1]
    [C:\Program Files\HelloNet\plugins\Diagnose.dll]  [HelloNet, 2.2.0.1]
[PID: 264][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106]
aadddd - 2006-11-15 22:05:00
[C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\WINNT\system32\drivers\nmprt.sys]  [N/A, N/A]
    [C:\WINNT\system32\z7fnv.dll]  [N/A, N/A]
    [c:\program files\google\googletoolbar2.dll]  [Google Inc., 4, 0, 1020, 3054]
    [C:\KAV2007\KAVAFish.DLL]  [Kingsoft Corporation, 2006, 9, 7, 17]
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\KAV2007\KAScript.DLL]  [Kingsoft Corporation, 2006, 2, 10, 60]
    [C:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2006, 5, 30, 59]
    [C:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 5, 17, 14]
    [C:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corp., 2006, 7, 27, 59]
[PID: 1372][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\WINNT\system32\drivers\nmprt.sys]  [N/A, N/A]
    [C:\WINNT\system32\z7fnv.dll]  [N/A, N/A]
    [c:\program files\google\googletoolbar2.dll]  [Google Inc., 4, 0, 1020, 3054]
    [C:\KAV2007\KAVAFish.DLL]  [Kingsoft Corporation, 2006, 9, 7, 17]
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\KAV2007\KAScript.DLL]  [Kingsoft Corporation, 2006, 2, 10, 60]
    [C:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2006, 5, 30, 59]
    [C:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 5, 17, 14]
    [C:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corp., 2006, 7, 27, 59]
[PID: 344][C:\Documents and Settings\Administrator\桌面\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\WINNT\system32\drivers\nmprt.sys]  [N/A, N/A]
    [C:\WINNT\system32\z7fnv.dll]  [N/A, N/A]
    [C:\Documents and Settings\Administrator\桌面\SREng\Plugins\SRECXTMG.SRE]  [Smallfrogs Studio, 1, 5, 0, 55]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
218.201.94.20 localhost
218.201.94.20 www.5566.net
218.201.94.20 www.gjj.cc
218.201.94.20 www.hao123.com
218.201.94.20 www.hao222.com
218.201.94.20 www.9991.com
218.201.94.20 www.2345.com
218.201.94.20 www.7939.com
218.201.94.20 forum.ikaka.com
218.201.94.20 bbs.360safe.com
218.201.94.20 www.360safe.com
218.201.94.20 www.piaoxue.com
218.201.94.20 61.129.58.12
218.201.94.20 forum.jiangmin.com
218.201.94.20 luosoft.com
218.201.94.20 cn.zs.yahoo.com
218.201.94.20 www.znmq.com
218.201.94.20 auto.search.msn.com
218.201.94.20 www.pcav.cn
218.201.94.20 www.cnhx.com.cn
218.201.94.20 btbaicai.com
218.201.94.20 219.239.102.77
218.201.94.20 hz.mop-hz.com
218.201.94.20 www.jacai.com
218.201.94.20 bbs.168safe.com
218.201.94.20 ok.mop-hz.com
218.201.94.20 www.haokan123.com
218.201.94.20 www.7255.com
218.201.94.20 220.181.34.241
1
查看完整版本: 3448.com,中毒了,怎么也删不了,帮我看看(有扫描日记)
© 2000 - 2026 Rising Corp. Ltd.