========Title======== bbs.ikaka.com

mxw810715 - 2007-9-14 14:41:00

[CODE]

2007-09-14,14:19:56

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [(Verified)Microsoft Windows 2000 Publisher]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<wxClient><C:\WINNT\system32\Clsmn.exe> []
<runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup> [Beijing Rising Technology Co., Ltd.]
<DbgHlp32><C:\WINNT\DbgHlp32.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<MSDCG32 ><LYLeador.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows 2000 Publisher]
<Userinit><C:\WINNT\system32\userinit.exe,> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><avwlamn.dll> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<GinaDLL><C:\WINNT\system32\LogUser.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINNT\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
<{1859245F-345D-BC13-AC4F-145D47DA34F1}><C:\WINNT\system32\avzxamn.dll> []
<{12FAACDE-34DA-CCD4-AB4D-DA34485A3421}><C:\WINNT\system32\rsjzapm.dll> []
<{1960356A-458E-DE24-BD50-268F589A56A1}><C:\WINNT\system32\avwlamn.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
<WinlogonNotify: igfxcui><igfxdev.dll> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer 访问><"%SystemRoot%\system32\shmgrate.exe" OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express 访问><"%SystemRoot%\system32\shmgrate.exe" OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
<CRLUpdate><%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl> [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[GhostStartService / GhostStartService][Running/Auto Start]
<C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe><Symantec Corporation>
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
<"C:\KAV2006\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
<C:\KAV2006\KWatch.EXE><Kingsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>
[万象网络文件同步客户端 / wxsyncsrv][Running/Auto Start]
<C:\WINNT\system32\wxsyfcli.exe><成都吉胜科技有限公司>

mxw810715 - 2007-9-14 14:45:00

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Sundance ST201 based Adapter NT Driver / DLH5X][Stopped/Manual Start]
<system32\DRIVERS\DLH5XND5.sys><D-Link Corporation>
[dmboot / dmboot][Stopped/Disabled]
<System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
<\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
<\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[EagleNT / EagleNT][Stopped/Manual Start]
<\??\C:\WINNT\system32\drivers\EagleNT.sys><N/A>
[GhostPciScanner / GhPciScan][Running/System Start]
<\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys><Symantec Corporation>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[KNetWch / KNetWch][Running/System Start]
<\??\C:\KAV2006\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/System Start]
<\??\C:\WINNT\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[leljrj / leljrj][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\leljrj.sys><N/A>
[mssock / mssock][Stopped/Manual Start]
<\??\C:\WINNT\system32\mssock.sys><N/A>
[Netgroup Packet Filter / NPF][Running/Manual Start]
<system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\E:\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv4 / nv4][Stopped/Manual Start]
<system32\DRIVERS\nv4.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[Realtek 10/100/1000 NIC Family all in one NDIS NT Driver / RTL8023][Running/Manual Start]
<system32\DRIVERS\Rtlnic.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[USB PC Camera (SNPSTD3) / SNPSTD3][Stopped/Manual Start]
<system32\DRIVERS\snpstd3.sys><>
[SoC PC-Camera / SoC PC-Camera Service][Running/Manual Start]
<system32\DRIVERS\pfc027.sys><>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
浏览器加载项
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <e:\Tencent\QQ\QQIEHelper.dll, N/A>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <e:\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <e:\Tencent\QQ\QQIEHelper.dll, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[金山快译(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll, 金山软件股份有限公司>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINNT\system32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\360safe_3.2\360safe\live.dll, 360safe.com>

mxw810715 - 2007-9-14 14:47:00

正在运行的进程
[PID: 156][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 188][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 208][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6970]
[C:\WINNT\system32\avzxamn.dll] [N/A, ]
[C:\WINNT\system32\LogUser.dll] [N/A, ]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\mscomm.dll] [N/A, ]
[C:\WINNT\system32\MSVCP60.DLL] [Microsoft Corporation, 6.00.8972.0]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[PID: 240][C:\WINNT\system32\services.exe] [Microsoft Corporation, 5.00.2195.6700]
[C:\WINNT\system32\avzxamn.dll] [N/A, ]
[C:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2195.6605.297.3]
[PID: 252][C:\WINNT\system32\lsass.exe] [Microsoft Corporation, 5.00.2195.6902]
[C:\WINNT\system32\avzxamn.dll] [N/A, ]
[PID: 448][C:\KAV2006\KWatch.EXE] [Kingsoft Corporation, 2005, 9, 27, 51]
[C:\KAV2006\KAVIPC2.DLL] [Kingsoft Corporation, 2004, 12, 28, 20]
[C:\KAV2006\KAEPlat.DLL] [Kingsoft Corp., 2006, 5, 30, 59]
[C:\KAV2006\KAEMem.DAT] [Kingsoft, 2006, 9, 25, 16]
[C:\KAV2006\KAEUnpack.DAT] [Kingsoft Corp., 2006, 7, 27, 59]
[C:\WINNT\system32\avzxamn.dll] [N/A, ]
[PID: 480][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\avzxamn.dll] [N/A, ]
[C:\WINNT\system32\mscomm.dll] [N/A, ]
[C:\WINNT\system32\MSVCP60.DLL] [Microsoft Corporation, 6.00.8972.0]
[PID: 528][C:\WINNT\system32\spoolsv.exe] [Microsoft Corporation, 5.00.2195.7059]
[C:\WINNT\system32\avzxamn.dll] [N/A, ]
[C:\WINNT\system32\mscomm.dll] [N/A, ]
[C:\WINNT\system32\MSVCP60.DLL] [Microsoft Corporation, 6.00.8972.0]
[PID: 572][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\avzxamn.dll] [N/A, ]
[C:\WINNT\system32\unimdm.tsp] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\kmddsp.tsp] [Microsoft Corporation, 5.00.2150.1]
[C:\WINNT\system32\ndptsp.tsp] [Microsoft Corporation, 5.00.2143.1]
[C:\WINNT\system32\ipconf.tsp] [Microsoft Corporation, 5.00.2143.1]
[C:\WINNT\system32\h323.tsp] [Microsoft Corporation, 5.00.2195.6901]
[PID: 592][C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe] [Symantec Corporation, 2003.775]
[C:\WINNT\system32\avzxamn.dll] [N/A, ]
[PID: 620][C:\KAV2006\KPfwSvc.EXE] [Kingsoft Corporation, 2005, 9, 5, 28]
[C:\WINNT\system32\avzxamn.dll] [N/A, ]
[PID: 664][C:\WINNT\system32\MSTask.exe] [Microsoft Corporation, 4.71.2195.6920]
[C:\WINNT\system32\avzxamn.dll] [N/A, ]
[C:\WINNT\system32\mscomm.dll] [N/A, ]
[C:\WINNT\system32\MSVCP60.DLL] [Microsoft Corporation, 6.00.8972.0]
[PID: 748][C:\WINNT\system32\stisvc.exe] [Microsoft Corporation, 5.00.2195.6656]
[C:\WINNT\system32\avzxamn.dll] [N/A, ]
[C:\WINNT\system32\PA207Usd.dll] [, 1, 0, 0, 0]
[PID: 824][C:\WINNT\System32\WBEM\WinMgmt.exe] [Microsoft Corporation, 1.50.1085.0100]
[PID: 888][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\avzxamn.dll] [N/A, ]
[C:\WINNT\system32\mscomm.dll] [N/A, ]
[C:\WINNT\system32\MSVCP60.DLL] [Microsoft Corporation, 6.00.8972.0]
[C:\WINNT\system32\msxml3.dll] [Microsoft Corporation, 8.30.9926.0]
[PID: 948][C:\WINNT\system32\wxsyfcli.exe] [成都吉胜科技有限公司, 0.0.6.8176]
[C:\WINNT\system32\avzxamn.dll] [N/A, ]
[PID: 844][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690]
[C:\WINNT\AppPatch\AcLayers.DLL] [Microsoft Corporation, 5.00.2195.6717]
[C:\Program Files\Common Files\SyInfo.bps] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ]
[C:\WINNT\system32\avwlamn.dll] [N/A, ]
[C:\WINNT\system32\rsjzapm.dll] [N/A, ]
[C:\WINNT\system32\avzxamn.dll] [N/A, ]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[C:\Program Files\NetMeeting\ravztmon.dat] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\Program Files\NetMeeting\ravgjmon.dat] [N/A, ]
[C:\Program Files\NetMeeting\avpqj.dat] [N/A, ]
[C:\Program Files\NetMeeting\ravdhmon.dat] [N/A, ]
[C:\Program Files\NetMeeting\avpwm.dat] [N/A, ]
[C:\WINNT\system32\mscomm.dll] [N/A, ]
[C:\WINNT\system32\MSVCP60.DLL] [Microsoft Corporation, 6.00.8972.0]
[C:\WINNT\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
[C:\KAV2006\KAScript.DLL] [Kingsoft Corporation, 2006, 2, 10, 60]
[C:\KAV2006\KAEPlat.DLL] [Kingsoft Corp., 2006, 5, 30, 59]
[C:\KAV2006\KAEMem.DAT] [Kingsoft, 2006, 9, 25, 16]
[C:\KAV2006\KAEUnpack.DAT] [Kingsoft Corp., 2006, 7, 27, 59]
[C:\WINNT\system32\msadp32.acm] [Microsoft Corporation, 5.00.2134.1]
[D:\360safe_3.2\360safe\safemon\safemon.dll] [, 3, 6, 1, 1001]
[C:\WINNT\kulionrx.dll] [N/A, ]
[C:\WINNT\system32\srjltl.dll] [N/A, ]
[C:\WINNT\system32\lhpwhd.dll] [N/A, ]
[C:\WINNT\system32\igfxpph.dll] [Intel Corporation, 3.0.0.4332]
[C:\WINNT\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4332]
[C:\WINNT\system32\igfxres.dll] [Intel Corporation, 3.0.0.4332]
[C:\WINNT\system32\igfxress.dll] [Intel Corporation, 3.0.0.4332]
[C:\WINNT\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4332]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\KAV2006\KAVEXT.DLL] [Kingsoft Corporation, 2005, 8, 5, 16]
[PID: 1092][C:\WINNT\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.0.42]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ]
[C:\WINNT\system32\avzxamn.dll] [N/A, ]
[C:\WINNT\system32\avwlamn.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\WINNT\system32\rsjzapm.dll] [N/A, ]
[C:\WINNT\system32\srjltl.dll] [N/A, ]
[C:\WINNT\kulionrx.dll] [N/A, ]
[C:\WINNT\system32\lhpwhd.dll] [N/A, ]

mxw810715 - 2007-9-14 14:47:00

[PID: 1136][C:\WINNT\system32\Clsmn.exe] [, 16.3.12.478]
[C:\WINNT\system32\RegCode.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ]
[C:\Program Files\NetMeeting\avpwm.dat] [N/A, ]
[C:\Program Files\NetMeeting\ravdhmon.dat] [N/A, ]
[C:\Program Files\NetMeeting\avpqj.dat] [N/A, ]
[C:\Program Files\NetMeeting\ravgjmon.dat] [N/A, ]
[C:\Program Files\NetMeeting\ravztmon.dat] [N/A, ]
[C:\WINNT\system32\mscomm.dll] [N/A, ]
[C:\WINNT\system32\MSVCP60.DLL] [Microsoft Corporation, 6.00.8972.0]
[C:\WINNT\system32\avwlamn.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\WINNT\system32\avzxamn.dll] [N/A, ]
[C:\WINNT\system32\rsjzapm.dll] [N/A, ]
[C:\WINNT\system32\srjltl.dll] [N/A, ]
[C:\WINNT\kulionrx.dll] [N/A, ]
[D:\360safe_3.2\360safe\safemon\safemon.dll] [, 3, 6, 1, 1001]
[C:\WINNT\system32\lhpwhd.dll] [N/A, ]
[PID: 1160][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 4.0.0.18]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\WINNT\system32\avzxamn.dll] [N/A, ]
[C:\WINNT\system32\rsjzapm.dll] [N/A, ]
[C:\WINNT\system32\avwlamn.dll] [N/A, ]
[C:\WINNT\system32\srjltl.dll] [N/A, ]
[C:\WINNT\kulionrx.dll] [N/A, ]
[C:\WINNT\system32\lhpwhd.dll] [N/A, ]
[PID: 1256][C:\WINNT\system32\conime.exe] [Microsoft Corporation, 5.00.2195.6655]
[C:\Program Files\NetMeeting\ravztmon.dat] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ]
[C:\WINNT\system32\avzxamn.dll] [N/A, ]
[C:\WINNT\system32\avwlamn.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\WINNT\system32\rsjzapm.dll] [N/A, ]
[C:\WINNT\system32\srjltl.dll] [N/A, ]
[C:\WINNT\kulionrx.dll] [N/A, ]
[C:\WINNT\system32\lhpwhd.dll] [N/A, ]
[PID: 1364][C:\WINNT\system32\internat.exe] [Microsoft Corporation, 5.00.2920.0000]
[C:\Program Files\NetMeeting\avpwm.dat] [N/A, ]
[C:\Program Files\NetMeeting\ravdhmon.dat] [N/A, ]
[C:\Program Files\NetMeeting\avpqj.dat] [N/A, ]
[C:\Program Files\NetMeeting\ravgjmon.dat] [N/A, ]
[C:\Program Files\NetMeeting\ravztmon.dat] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ]
[C:\WINNT\system32\avzxamn.dll] [N/A, ]
[C:\WINNT\system32\avwlamn.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\WINNT\system32\rsjzapm.dll] [N/A, ]
[C:\WINNT\system32\srjltl.dll] [N/A, ]
[C:\WINNT\kulionrx.dll] [N/A, ]
[C:\WINNT\system32\lhpwhd.dll] [N/A, ]
[D:\360safe_3.2\360safe\safemon\safemon.dll] [, 3, 6, 1, 1001]
[PID: 1372][D:\360safe_3.2\360safe\safemon\360Tray.exe] [奇虎网, 3, 6, 1, 1001]
[C:\Program Files\NetMeeting\avpwm.dat] [N/A, ]
[C:\Program Files\NetMeeting\ravdhmon.dat] [N/A, ]
[C:\Program Files\NetMeeting\avpqj.dat] [N/A, ]
[C:\Program Files\NetMeeting\ravgjmon.dat] [N/A, ]
[C:\Program Files\NetMeeting\ravztmon.dat] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ]
[D:\360safe_3.2\360safe\safemon\safemon.dll] [, 3, 6, 1, 1001]
[D:\360safe_3.2\360safe\safemon\SafeKrnl.dll] [奇虎网, 3, 6, 0, 1001]
[D:\360safe_3.2\360safe\AntiAdwa.dll] [360Safe.com, 3, 6, 1, 1001]
[C:\WINNT\system32\avwlamn.dll] [N/A, ]
[C:\WINNT\system32\avzxamn.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\WINNT\system32\rsjzapm.dll] [N/A, ]
[D:\360safe_3.2\360safe\live.dll] [360safe.com, 1, 0, 1, 1020]
[C:\WINNT\system32\mscomm.dll] [N/A, ]
[C:\WINNT\system32\MSVCP60.DLL] [Microsoft Corporation, 6.00.8972.0]
[C:\WINNT\kulionrx.dll] [N/A, ]
[C:\WINNT\system32\srjltl.dll] [N/A, ]
[C:\WINNT\system32\msxml3.dll] [Microsoft Corporation, 8.30.9926.0]
[C:\WINNT\system32\lhpwhd.dll] [N/A, ]
[PID: 1664][C:\WINNT\system32\avwlast.exe] [N/A, ]
[C:\WINNT\system32\rsjzapm.dll] [N/A, ]
[C:\WINNT\system32\avwlamn.dll] [N/A, ]
[PID: 952][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2800.1106]
[D:\360safe_3.2\360safe\safemon\safemon.dll] [, 3, 6, 1, 1001]
[C:\Program Files\NetMeeting\avpwm.dat] [N/A, ]
[C:\Program Files\NetMeeting\ravdhmon.dat] [N/A, ]
[C:\Program Files\NetMeeting\avpqj.dat] [N/A, ]
[C:\Program Files\NetMeeting\ravgjmon.dat] [N/A, ]
[C:\Program Files\NetMeeting\ravztmon.dat] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ]
[C:\WINNT\system32\lhpwhd.dll] [N/A, ]
[C:\WINNT\system32\srjltl.dll] [N/A, ]
[C:\WINNT\system32\avwlamn.dll] [N/A, ]
[C:\WINNT\kulionrx.dll] [N/A, ]
[C:\WINNT\system32\avzxamn.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\WINNT\system32\rsjzapm.dll] [N/A, ]
[C:\WINNT\system32\mscomm.dll] [N/A, ]
[C:\WINNT\system32\MSVCP60.DLL] [Microsoft Corporation, 6.00.8972.0]
[C:\KAV2006\KAScript.DLL] [Kingsoft Corporation, 2006, 2, 10, 60]
[C:\KAV2006\KAEPlat.DLL] [Kingsoft Corp., 2006, 5, 30, 59]
[C:\KAV2006\KAEMem.DAT] [Kingsoft, 2006, 9, 25, 16]
[C:\KAV2006\KAEUnpack.DAT] [Kingsoft Corp., 2006, 7, 27, 59]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\msadp32.acm] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0]
[C:\WINNT\system32\PINTLGNT.IME] [Microsoft Corporation, 4.2.32]
[C:\WINNT\system32\winpy.ime] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\winzm.ime] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\winabc.ime] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\WINWB.IME] [Microsoft, 4.00.950]
[PID: 1864][C:\WINNT\regedit.exe] [Microsoft Corporation, 5.00.2195.6707]
[D:\360safe_3.2\360safe\safemon\safemon.dll] [, 3, 6, 1, 1001]
[C:\Program Files\NetMeeting\avpwm.dat] [N/A, ]
[C:\Program Files\NetMeeting\ravdhmon.dat] [N/A, ]
[C:\Program Files\NetMeeting\avpqj.dat] [N/A, ]
[C:\Program Files\NetMeeting\ravgjmon.dat] [N/A, ]
[C:\Program Files\NetMeeting\ravztmon.dat] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ]
[C:\WINNT\system32\avzxamn.dll] [N/A, ]
[C:\WINNT\system32\avwlamn.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\WINNT\system32\lhpwhd.dll] [N/A, ]
[C:\WINNT\system32\srjltl.dll] [N/A, ]
[C:\WINNT\kulionrx.dll] [N/A, ]
[C:\WINNT\system32\rsjzapm.dll] [N/A, ]
[PID: 700][C:\DOCUME~1\maxezu\LOCALS~1\Temp\sysldy.exe] [, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINNT\system32\avzxamn.dll] [N/A, ]
[C:\DOCUME~1\maxezu\LOCALS~1\Temp\packet.dll] [CACE Technologies, 3, 1, 0, 27]
[C:\DOCUME~1\maxezu\LOCALS~1\Temp\WanPacket.dll] [CACE Technologies, 3, 1, 0, 27]
[C:\DOCUME~1\maxezu\LOCALS~1\Temp\NPPTools.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\360safe_3.2\360safe\safemon\safemon.dll] [, 3, 6, 1, 1001]
[C:\Program Files\NetMeeting\avpwm.dat] [N/A, ]
[C:\Program Files\NetMeeting\ravdhmon.dat] [N/A, ]
[C:\Program Files\NetMeeting\avpqj.dat] [N/A, ]
[C:\Program Files\NetMeeting\ravgjmon.dat] [N/A, ]
[C:\Program Files\NetMeeting\ravztmon.dat] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ]
[PID: 1624][C:\WINNT\system32\conime.exe] [Microsoft Corporation, 5.00.2195.6655]
[PID: 1952][C:\Documents and Settings\maxezu\桌面\新建文件夹\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINNT\system32\rsjzapm.dll] [N/A, ]
[D:\360safe_3.2\360safe\safemon\safemon.dll] [, 3, 6, 1, 1001]
[C:\Program Files\NetMeeting\avpwm.dat] [N/A, ]
[C:\Program Files\NetMeeting\ravdhmon.dat] [N/A, ]
[C:\Program Files\NetMeeting\avpqj.dat] [N/A, ]
[C:\Program Files\NetMeeting\ravgjmon.dat] [N/A, ]
[C:\Program Files\NetMeeting\ravztmon.dat] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ]
[C:\WINNT\system32\avzxamn.dll] [N/A, ]
[C:\WINNT\system32\avwlamn.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\WINNT\system32\lhpwhd.dll] [N/A, ]
[C:\WINNT\system32\srjltl.dll] [N/A, ]
[C:\WINNT\kulionrx.dll] [N/A, ]
[C:\Documents and Settings\maxezu\桌面\新建文件夹\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\WINNT\system32\MSVCP60.DLL] [Microsoft Corporation, 6.00.8972.0]
[C:\WINNT\system32\MSISIP.DLL] [Microsoft Corporation, 3.1.4000.1823]
[C:\WINNT\system32\wshCHS.DLL] [Microsoft Corporation, 5.6.0.6626]

mxw810715 - 2007-9-14 14:48:00

文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP Error. [winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAPI Tcpip [TCP/IP]
C:\WINNT\system32\mscomm.dll(, N/A)
MSAPI Tcpip [UDP/IP]
C:\WINNT\system32\mscomm.dll(, N/A)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 592, C:\PROGRAM FILES\SYMANTEC\NORTON GHOST 2003\GHOSTSTARTSERVICE.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 620, C:\KAV2006\KPFWSVC.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 948, C:\WINNT\SYSTEM32\WXSYFCLI.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1136, C:\WINNT\SYSTEM32\CLSMN.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1136, C:\WINNT\SYSTEM32\CLSMN.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1160, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1372, D:\360SAFE_3.2\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1372, D:\360SAFE_3.2\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1664, C:\WINNT\SYSTEM32\AVWLAST.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1664, C:\WINNT\SYSTEM32\AVWLAST.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 700, C:\DOCUME~1\MAXEZU\LOCALS~1\TEMP\SYSLDY.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 700, C:\DOCUME~1\MAXEZU\LOCALS~1\TEMP\SYSLDY.EXE]

==================================
API HOOK
入口点错误：CreateProcessA (危险等级: 高, 被下面模块所HOOK: D:\360safe_3.2\360safe\safemon\safemon.dll)
入口点错误：CreateProcessW (危险等级: 高, 被下面模块所HOOK: D:\360safe_3.2\360safe\safemon\safemon.dll)

==================================
隐藏进程
N/A

==================================

[/CODE]

这是昨晚重新还原的系统，
扫描后出现全都是扫描错误（正不正常）

Aasetup - 2007-9-14 21:47:00

看了看下面大把应该都是用冰刃和 SRE 删除

C:\WINNT\system32\ rsjzapm.dll
C:\WINNT\system32\ shmgrate.exe
C:\WINNT\system32\ srjltl.dll
C:\WINNT\system32\ lhpwhd.dll
C:\WINNT\system32\ mssock.sys
C:\WINNT\system32\ msapi.dll

C:\Program Files\NetMeeting\ ravztmon.dat
C:\Program Files\NetMeeting\ ravgjmon.dat
C:\Program Files\NetMeeting\ avpqj.dat
C:\Program Files\NetMeeting\ ravdhmon.dat
C:\Program Files\NetMeeting\ avpwm.dat

%systemroot%\system32\updcrl.exe -e -u %systemroot%\system32\verisignpub1.crl

C:\WINNT\system32\drivers\leljrj.sys
C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys

MSAPI Tcpip [TCP/IP]
C:\WINNT\system32\mscomm.dll(, N/A)
MSAPI Tcpip [UDP/IP]
C:\WINNT\system32\mscomm.dll(, N/A)

C:\WINNT\system32\LogUser.dll 不知道在你这里这个可不可以删除盼望高手指点啊继续加油学习

mxw810715 - 2007-9-16 9:10:00

谢了，能不能直接告诉我，我的电脑中的是什么病毒？？？

我是来来 - 2007-9-16 9:13:00

你好像中了多个毒

mxw810715 - 2007-9-16 9:31:00

用冰刃也找不那几个东东

超级游戏迷 - 2007-9-16 10:13:00

一、有问题的注册表项目
==================================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<DbgHlp32><C:\WINNT\DbgHlp32.exe> []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<MSDCG32 ><LYLeador.exe> [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><avwlamn.dll> []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{1859245F-345D-BC13-AC4F-145D47DA34F1}><C:\WINNT\system32\avzxamn.dll> []
<{12FAACDE-34DA-CCD4-AB4D-DA34485A3421}><C:\WINNT\system32\rsjzapm.dll> []
<{1960356A-458E-DE24-BD50-268F589A56A1}><C:\WINNT\system32\avwlamn.dll> []
==================================
驱动程序
[leljrj / leljrj][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\leljrj.sys><N/A>
[mssock / mssock][Stopped/Manual Start]
<\??\C:\WINNT\system32\mssock.sys><N/A>
[Netgroup Packet Filter / NPF][Running/Manual Start]
<system32\DRIVERS\npf.sys><CACE Technologies>
===================================
文件关联
.CHM Error. ["hh.exe" %1]
.HLP Error. [winhlp32.exe %1]
==================================
Winsock 提供者
MSAPI Tcpip [TCP/IP]
C:\WINNT\system32\mscomm.dll(, N/A)
MSAPI Tcpip [UDP/IP]
C:\WINNT\system32\mscomm.dll(, N/A)

二、可疑和有问题的文件（红色可疑）：
==================================
[C:\WINNT\system32\PA207Usd.dll] [, 1, 0, 0, 0]
[C:\Program Files\Common Files\SyInfo.bps] [N/A, ]
[C:\DOCUME~1\maxezu\LOCALS~1\Temp\sysldy.exe]
[C:\DOCUME~1\maxezu\LOCALS~1\Temp\packet.dll]
[C:\DOCUME~1\maxezu\LOCALS~1\Temp\WanPacket.dll]
[C:\Program Files\NetMeeting\avpwm.dat] [N/A, ]
[C:\Program Files\NetMeeting\avpqj.dat] [N/A, ]
[C:\WINNT\system32\avzxamn.dll] [N/A, ]
[C:\WINNT\system32\avwlamn.dll] [N/A, ]
[C:\Program Files\NetMeeting\avpqj.dat] [N/A, ]
[C:\Program Files\NetMeeting\ravdhmon.dat] [N/A, ]
[C:\Program Files\NetMeeting\ravgjmon.dat] [N/A, ]
[C:\Program Files\NetMeeting\ravztmon.dat] [N/A, ]
[C:\WINNT\system32\rsjzapm.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ]
[C:\WINNT\system32\lhpwhd.dll] [N/A, ]
[C:\WINNT\system32\srjltl.dll] [N/A, ]
[C:\WINNT\kulionrx.dll] [N/A, ]
[C:\WINNT\system32\mscomm.dll] [N/A, ]
C:\WINNT\system32\LYLeador.exe
C:\WINNT\system32\mssock.sys
C:\WINNT\System32\drivers\leljrj.sys
C:\WINNT\system32\DRIVERS\npf.sys
C:\WINNT\DbgHlp32.exe

瑞星卡卡安全论坛