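Rising Kaka Security Forum, Technical Exchange, Anti-Virus / Anti-Rogue Software Forum: Solved -- Gray Pigeon (Huigezi) virus cannot be removed -- Rising false positive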


Solved -- Gray Pigeon (Huigezi) virus cannot be removed -- Rising false positive

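Quote:
[menlee's post]
It was upgraded to the latest version. This is the scan result from version 19.03.50, before New Year's Day.
I haven't scanned or upgraded since the holiday, but the result will certainly be the same.

………………

What am I supposed to say to you. Never mind, just upgrade Rising to the latest version and it will be fine.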

Fine, let's say I was wrong! Hehe. I'm waiting for you to eat the pigeon for dinner and then post to report the good news.




[Reply to the post by “仙剑VS景天”]
Scan report
[CODE]

2007-01-04,15:22:41

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <KavPFW><"C:\KAV2006\KPFW32.EXE">  [Kingsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>  [(Verified)N/A]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <AHNSD><"C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe">  [(Verified)AhnLab, Inc.]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <KavStart><"C:\KAV2006\KAVStart.exe" -startup>  [Kingsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <AtiPTA><; atiptaxx.exe>  [ATI Technologies, Inc.]
    <HP Component Manager><; "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe">  [Hewlett-Packard Company]
    <HP Software Update><; C:\Program Files\HP\HP Software Update\HPWuSchd2.exe>  [Hewlett-Packard Co.]
    <KavStart><; "C:\KAV2006\KAVStart.exe" -startup>  [Kingsoft Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <QuickTime Task><; "C:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Computer, Inc.]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]

==================================
启动文件夹
N/A

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[AhnLab Task Scheduler / AhnLab Task Scheduler][Running/Auto Start]
  <"C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe"><AhnLab, Inc.>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SpyZero_Monitor / SpyZero_Monitor][Running/Auto Start]
  <"C:\Program Files\AhnLab\AhnLab SpyZero 2.0\AszMon.exe"><AhnLab, Inc.>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
  <C:\KAV2006\KWatch.EXE><Kingsoft Corporation>
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
  <"C:\KAV2006\KPfwSvc.EXE"><Kingsoft Corporation>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[AhnFlt2K / AhnFlt2K][Running/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\AhnFlt2K.sys><AhnLab, Inc.>
[AhnRec2K / AhnRec2K][Running/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\AhnRec2K.sys><AhnLab, Inc.>
[AhnRghNt / AhnRghNt][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\AhnRghNt.sys><AhnLab, Inc.>
[AhnSZE / AhnSZE][Running/Manual Start]
  <system32\drivers\AhnSZE.sys><AhnLab, Inc.>
[AliIde / AliIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[AnfdIont / AnfdIont][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\AnfdIont.sys><AhnLab, Inc.>
[AnfdTDnt / AnfdTDnt][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\AnfdTDnt.sys><AhnLab, Inc.>
[ASZFltNt / ASZFltNt][Running/Manual Start]
  <\??\C:\Program Files\AhnLab\AhnLab SpyZero 2.0\ASZFltNt.sys><AhnLab, Inc.>
[ati2mtaa / ati2mtaa][Running/Manual Start]
  <system32\DRIVERS\ati2mtaa.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Bluetooth Audio Service / BlueletAudio][Stopped/Manual Start]
  <system32\DRIVERS\blueletaudio.sys><IVT Corporation>
[Bluetooth PAN Network Adapter / BT][Stopped/Manual Start]
  <system32\DRIVERS\btnetdrv.sys><IVT Corporation>
[Bluetooth USB For Bluetooth Service / Btcsrusb][Stopped/Manual Start]
  <System32\Drivers\btcusb.sys><IVT Corporation>
[Bluetooth HID Enumerator / BTHidEnum][Stopped/Manual Start]
  <system32\DRIVERS\vbtenum.sys><N/A>
[Bluetooth HID Manager Service / BTHidMgr][Running/Boot Start]
  <\SystemRoot\System32\Drivers\BTHidMgr.sys><IVT Corporation>
[ICatch (VI) PC Camera / CA561][Stopped/Manual Start]
  <System32\Drivers\SPCA561.SYS><SP>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[Team MFP Comm Driver / DgiVecp][Running/Auto Start]
  <System32\Drivers\DgiVecp.sys><DeviceGuys, Inc.>
[3Com EtherLink XL 90XB/C Adapter Driver / EL90XBC][Running/Manual Start]
  <system32\DRIVERS\el90xbc5.sys><3Com Corporation>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[KWatch3 / KWatch3][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[MegaIDE / MegaIDE][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\packet.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent2006\TMDlls\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Hisense USB CDC Driver (PID 3100) / qccdcmdm0][Stopped/Manual Start]
  <system32\DRIVERS\qcusbmdm.sys><QUALCOMM Incorporated>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[V3NfeNt / V3NfeNt][Running/Auto Start]
  <\??\C:\Program Files\Ahnlab\V3\V3NfeNt.sys><AhnLab, Inc.>
[Virtual Serial port driver / VComm][Stopped/Manual Start]
  <system32\DRIVERS\VComm.sys><IVT Corporation>
[Bluetooth VComm Manager Service / VcommMgr][Stopped/Manual Start]
  <System32\Drivers\VcommMgr.sys><IVT Corporation>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[KNetWch / KNetWch][Running/System Start]
  <\??\C:\KAV2006\KNetWch.SYS><Kingsoft Corporation>

==================================
浏览器加载项
[CBrowseStakeout Class]
  {55302805-482E-470E-8A57-6795A1487F90} <C:\KAV2006\KAVAFish.DLL, Kingsoft Corporation>
[EPWrapsodyVersion Class]
  {00B4EB57-5F54-4A6A-BC1A-DE9ABA26C0E2} <C:\WINDOWS\ep_fver.dll, >
[MyUpDown Control]
  {011605F4-3A7F-44F8-828A-E2F3BC2BEC2E} <C:\WINDOWS\DOWNLO~1\CONFLICT.1\myUpDown.ocx, SAMSUNG SDS>
[CodeAx Class]
  {03F49E0E-C43A-4037-BBD6-D681E998A08E} <C:\WINDOWS\DOWNLO~1\CONFLICT.1\CM_COD~1.DLL, >
[mySingle.ClsLocal]
  {1B954045-CB17-46CF-A596-BC59E7861D79} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\mySingle_XPSP2.dll, SDS>
[GSBN.CHINA]
  {2207EDAD-5731-4CCD-B79B-E489022E47AF} <C:\WINDOWS\Downloaded Program Files\GSBN_CHINA.ocx, ??SDS>
[MxLogicalTRU Class]
  {223216F6-B9FE-406D-9ED6-143FCE3A07B8} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MxLogicalTRU.dll, sift infomation & communication>
[MxBinderU Class]
  {2F98EA90-EAE1-4AB5-AE89-DA073D824589} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MxBinderU.dll, SHIFT Infomation & Communication Co., Ltd.>
[LocalTree.LocalXMLTree]
  {2FF8F8B7-1B3F-4E5F-93B1-FEF1D703C0F4} <C:\WINDOWS\system32\mySingleTree.ocx, Samsung SDS Co., Ltd.>
[EpFTP3 Control]
  {34B5A473-9696-4F9A-9BA1-41B8185A9798} <C:\WINDOWS\system32\EpFTP3.ocx, Samsung SDS Co., Ltd.>
[Enc Class]
  {3D6C131D-AE95-4484-B2D0-275D4EC62DFD} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\pdssex.dll, >
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[SRW711.SRW_711_C]
  {4C77B4AB-C802-4E0D-A763-4F6E9EE37118} <C:\WINDOWS\Downloaded Program Files\SRW711.ocx, Waremec>
[MxGridU Class]
  {71E7ACA0-EF63-4055-9894-229B056E9C31} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MxGridU.dll, SHIFT Infomation & Communication Co., Ltd.>
[Chart Object]
  {80017034-D4F8-410D-9B03-0E713C34CEAD} <C:\WINDOWS\Downloaded Program Files\ChartFX.ComIEClient.Core.dll, Software FX, Inc.>
[NamoWeCtl 6.0 for samsung_mysingle]
  {859A7EB3-35E6-434B-A82B-08B4F8DDE1B6} <C:\WINDOWS\system32\NamoWec6_samsung_mysingle.dll, Sejoong Namo Interactive, Inc.>
[163Uploader Control]
  {8686F2A6-DC01-4E8F-BDE3-DCC7DBBAD6AE} <C:\WINDOWS\system32\163UPL~1.OCX, 广州网易互动娱乐有限公司>
[NamoWeCtl 5.0 for Samsung_SIMS3]
  {922DEB6A-364A-49C3-83EB-8B9FA3CE4B82} <C:\WINDOWS\system32\NamoWec5_Samsung_SIMS3.dll, Sejoong Namo Interactive, Inc.>
[IxTree Control]
  {9B3E5AA6-A9D6-46C4-99E4-B01AF6ABDD04} <C:\WINDOWS\DOWNLO~1\CONFLICT.1\IxTree.ocx, Samsung SDS>
[MxImageSetU Class]
  {9F0AA341-1D10-4B18-B70B-6AA49CE7F5D6} <C:\WINDOWS\Downloaded Program Files\MxImageSetU.dll, sift infomation & communication>
[SecureSession Class]
  {A93FB56D-2F76-4DD7-8E38-9B1EB38C88A5} <C:\WINDOWS\system32\SecuiSecIE.dll, >
[MxDataSetU Class]
  {AF989B7C-8AC3-40BC-B749-EB335BDFD190} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MxDataSetU.dll, SHIFT Infomation & Communication Co., Ltd.>
[MxComboU Class]
  {BB4533A0-85E0-4657-9BF2-E8E7B100D47E} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MxComboU.dll, SHIFT Infomation & Communication Co., Ltd.>
[EpAdm2 Control]
  {C63E3330-049F-4C31-B47E-425C84A5A725} <C:\WINDOWS\system32\EpAdm2.ocx, Samsung SDS Co., Ltd>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[MxMaskEditU Class]
  {D7779973-9954-464E-9708-DA774CA50E13} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MxMaskEditU.dll, SHIFT Infomation & Communication Co., Ltd.>
[SRW840.SRW_840_C]
  {D7B715F5-F1E1-4904-93A6-1B53E07221A3} <C:\WINDOWS\Downloaded Program Files\SRW840.ocx, Waremec>
[SSLinks Control]
  {DE6ABA6A-095B-43E3-BEBB-879868DC5C8A} <C:\WINDOWS\system32\SSLinks.ocx, LeadingSoft>
[IxSheet Control]
  {DF1AD5D9-977A-4A1F-9392-2AFFCCE6211F} <C:\WINDOWS\DOWNLO~1\CONFLICT.1\IxSheet.ocx, Samsung SDS>
[IBLeaders IBSheet For Unicode Control]
  {E1D1DACA-5BA2-4376-89AD-3A213B916779} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\IBSheet4Unicode.ocx, IB Leaders Co., Ltd.>
[GSBN_Updater.UserControl1]
  {E463DD62-1D07-425E-B82A-539FBA2F4162} <C:\WINDOWS\system32\GSBN_Updater.ocx, Samsung SDS CO, LTD>
[Iesign Control]
  {F3E92562-1B4D-4BFA-B2D4-E9BCABE3B6A3} <C:\WINDOWS\DOWNLO~1\iesign.ocx, csii>
[SRL101.SRL_101_C]
  {F80FFA1F-348B-4FA4-B1E6-BC63A82090A0} <C:\WINDOWS\Downloaded Program Files\SRL101.ocx, WareMec>
[EPWrapsodyVersion Class]
  {00B4EB57-5F54-4A6A-BC1A-DE9ABA26C0E2} <C:\WINDOWS\ep_fver.dll, >
[MyUpDown Control]
  {011605F4-3A7F-44F8-828A-E2F3BC2BEC2E} <C:\WINDOWS\DOWNLO~1\CONFLICT.1\myUpDown.ocx, SAMSUNG SDS>
[CodeAx Class]
  {03F49E0E-C43A-4037-BBD6-D681E998A08E} <C:\WINDOWS\DOWNLO~1\CONFLICT.1\CM_COD~1.DLL, >
[CEnroll Class]
  {127698E4-E730-4E5C-A2B1-21490A70C8A1} <C:\WINDOWS\system32\xenroll.dll, Microsoft Corporation>
[mySingle.ClsLocal]
  {1B954045-CB17-46CF-A596-BC59E7861D79} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\mySingle_XPSP2.dll, SDS>
[GSBN.CHINA]
  {2207EDAD-5731-4CCD-B79B-E489022E47AF} <C:\WINDOWS\Downloaded Program Files\GSBN_CHINA.ocx, ??SDS>
[MxLogicalTRU Class]
  {223216F6-B9FE-406D-9ED6-143FCE3A07B8} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MxLogicalTRU.dll, sift infomation & communication>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[PSI3_Operation.UC_Operation]
  {2ACC5506-BDA0-4064-A949-1033FF69CF75} <C:\WINDOWS\System32\PSI3_Operation.ocx, SAMSUNG SDS CO., LTD>
[MenuCtrl Class]
  {2DAAD547-FA98-498C-8FB7-63A7FCBDC0AF} <C:\WINDOWS\Downloaded Program Files\pdssctrl.dll, >
[TrustSession Class]
  {2F932BDC-AE12-4CCA-B58A-2C850955579E} <C:\WINDOWS\system32\SecuiSecIE.dll, >
[MxBinderU Class]
  {2F98EA90-EAE1-4AB5-AE89-DA073D824589} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MxBinderU.dll, SHIFT Infomation & Communication Co., Ltd.>
[LocalTree.LocalXMLTree]
  {2FF8F8B7-1B3F-4E5F-93B1-FEF1D703C0F4} <C:\WINDOWS\system32\mySingleTree.ocx, Samsung SDS Co., Ltd.>
[EpFTP3 Control]
  {34B5A473-9696-4F9A-9BA1-41B8185A9798} <C:\WINDOWS\system32\EpFTP3.ocx, Samsung SDS Co., Ltd.>
[SVG Document]
  {377B5106-3B4E-4A2D-8520-8767590CAC86} <C:\PROGRA~1\COMMON~1\Adobe\SVGVIE~1.0\NPSVG3.dll, Adobe Systems Incorporated>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[Enc Class]
  {3D6C131D-AE95-4484-B2D0-275D4EC62DFD} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\pdssex.dll, >
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[SRW711.SRW_711_C]
  {4C77B4AB-C802-4E0D-A763-4F6E9EE37118} <C:\WINDOWS\Downloaded Program Files\SRW711.ocx, Waremec>
[Microsoft Licensed Class Manager 1.0]
  {5220CB21-C88D-11CF-B347-00AA00A28331} <C:\WINDOWS\system32\licmgr10.dll, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[CBrowseStakeout Class]
  {55302805-482E-470E-8A57-6795A1487F90} <C:\KAV2006\KAVAFish.DLL, Kingsoft Corporation>
[金山毒霸在线杀毒]
  {577A1997-6FD0-4972-B234-885DA583F9CE} <C:\PROGRA~1\KOS\KOSClean.ocx, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[PdssTreeControl Class]
  {70699325-2302-45EF-91A1-2B8950606B04} <C:\WINDOWS\Downloaded Program Files\pdssTree.dll, Samsung SDS>
[MxGridU Class]
  {71E7ACA0-EF63-4055-9894-229B056E9C31} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MxGridU.dll, SHIFT Infomation & Communication Co., Ltd.>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[CSNChecker Control]
  {77E9DD66-4E41-4226-9782-88F8A2FA8FCF} <C:\WINDOWS\DOWNLO~1\CSNCHE~1.OCX, Onsori.com>
[PdssRun Class]
  {7D73D9AC-9E28-47E7-B496-867A2341DD6F} <C:\WINDOWS\Downloaded Program Files\pdssx.dll, >
[Chart Object]
  {80017034-D4F8-410D-9B03-0E713C34CEAD} <C:\WINDOWS\Downloaded Program Files\ChartFX.ComIEClient.Core.dll, Software FX, Inc.>
[NamoWeCtl 6.0 for samsung_mysingle]
  {859A7EB3-35E6-434B-A82B-08B4F8DDE1B6} <C:\WINDOWS\system32\NamoWec6_samsung_mysingle.dll, Sejoong Namo Interactive, Inc.>
[163Uploader Control]
  {8686F2A6-DC01-4E8F-BDE3-DCC7DBBAD6AE} <C:\WINDOWS\system32\163UPL~1.OCX, 广州网易互动娱乐有限公司>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[NamoWeCtl 5.0 for Samsung_SIMS3]
  {922DEB6A-364A-49C3-83EB-8B9FA3CE4B82} <C:\WINDOWS\system32\NamoWec5_Samsung_SIMS3.dll, Sejoong Namo Interactive, Inc.>
[IxTree Control]
  {9B3E5AA6-A9D6-46C4-99E4-B01AF6ABDD04} <C:\WINDOWS\DOWNLO~1\CONFLICT.1\IxTree.ocx, Samsung SDS>
[MxImageSetU Class]
  {9F0AA341-1D10-4B18-B70B-6AA49CE7F5D6} <C:\WINDOWS\Downloaded Program Files\MxImageSetU.dll, sift infomation & communication>
[SecureSession Class]
  {A93FB56D-2F76-4DD7-8E38-9B1EB38C88A5} <C:\WINDOWS\system32\SecuiSecIE.dll, >
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[MxDataSetU Class]
  {AF989B7C-8AC3-40BC-B749-EB335BDFD190} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MxDataSetU.dll, SHIFT Infomation & Communication Co., Ltd.>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[]
  {B69003B3-C55E-4B48-836C-BC5946FC3B28} <C:\Program Files\Messenger\msgsc.dll, Microsoft Corporation>
[MxComboU Class]
  {BB4533A0-85E0-4657-9BF2-E8E7B100D47E} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MxComboU.dll, SHIFT Infomation & Communication Co., Ltd.>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[EpAdm2 Control]
  {C63E3330-049F-4C31-B47E-425C84A5A725} <C:\WINDOWS\system32\EpAdm2.ocx, Samsung SDS Co., Ltd>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
  {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[CSNWeb Control]
  {CEEA7925-1643-40EB-A646-3EC2AA845DD2} <C:\WINDOWS\DOWNLO~1\CSNWeb.ocx, (C) Onsori>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[MxMaskEditU Class]
  {D7779973-9954-464E-9708-DA774CA50E13} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MxMaskEditU.dll, SHIFT Infomation & Communication Co., Ltd.>
[SRW840.SRW_840_C]
  {D7B715F5-F1E1-4904-93A6-1B53E07221A3} <C:\WINDOWS\Downloaded Program Files\SRW840.ocx, Waremec>
[SSLinks Control]
  {DE6ABA6A-095B-43E3-BEBB-879868DC5C8A} <C:\WINDOWS\system32\SSLinks.ocx, LeadingSoft>
[IxSheet Control]
  {DF1AD5D9-977A-4A1F-9392-2AFFCCE6211F} <C:\WINDOWS\DOWNLO~1\CONFLICT.1\IxSheet.ocx, Samsung SDS>
[IBLeaders IBSheet For Unicode Control]
  {E1D1DACA-5BA2-4376-89AD-3A213B916779} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\IBSheet4Unicode.ocx, IB Leaders Co., Ltd.>
[GSBN_Updater.UserControl1]
  {E463DD62-1D07-425E-B82A-539FBA2F4162} <C:\WINDOWS\system32\GSBN_Updater.ocx, Samsung SDS CO, LTD>
[PDSSPrint Class]
  {E4D476CA-2BB9-43F3-8974-63C19C9ECD79} <C:\WINDOWS\Downloaded Program Files\pdssctrl.dll, >
[Iesign Control]
  {F3E92562-1B4D-4BFA-B2D4-E9BCABE3B6A3} <C:\WINDOWS\DOWNLO~1\iesign.ocx, csii>
[SRL101.SRL_101_C]
  {F80FFA1F-348B-4FA4-B1E6-BC63A82090A0} <C:\WINDOWS\Downloaded Program Files\SRL101.ocx, WareMec>
[MyDms Class]
  {FE255843-316B-46F5-B568-3B8A6F81CAEB} <C:\Documentum\DmsExe\DmsVer.dll, Samsung SDS>
[EPPackager Class]
  {FE56C700-D542-47EE-980D-A98C4FD0AE7C} <C:\WINDOWS\ep_fapi.dll, fasoo.com>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[金山毒霸反钓鱼...]
  <C:\KAV2006\KAF\ShowSet.htm, N/A>

==================================
正在运行的进程
[PID: 324][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 508][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 532][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 576][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 588][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 740][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 784][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 844][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 864][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 904][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 968][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1016][C:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 43]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [C:\Program Files\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [C:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [C:\Program Files\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\Program Files\Rising\Rav\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [C:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
    [C:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 32]
    [C:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 23]
    [C:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [C:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
    [C:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Program Files\Rising\Rav\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
    [C:\Program Files\Rising\Rav\RsVM.dll]  [N/A, 19, 0, 0, 13]
    [C:\Program Files\Rising\Rav\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\Uscript.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [C:\Program Files\Rising\Rav\ScanNet.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1220][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\SSGH1LMK.DLL]  [Samsung Electronics., 1.0.0.0]
[PID: 1412][C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe]  [AhnLab, Inc., 5, 5, 0, 1]
    [C:\Program Files\AhnLab\Smart Update Utility\NLS\ASD0804.nls]  [AhnLab, Inc., 5, 0, 0, 5]
[PID: 1588][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1616][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1196 built by: dnsrv(bld4act)]
[PID: 1880][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 284][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\Program Files\Winrar\rarext.dll]  [N/A, N/A]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\PROGRA~1\ESTsoft\ALZip\AZCTM.dll]  [ESTsoft, 6.1.13.56]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\KAV2006\KAVEXT.DLL]  [Kingsoft Corporation, 2005, 8, 5, 16]
[PID: 896][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 980][C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe]  [AhnLab, Inc., 5, 5, 0, 1]
    [C:\Program Files\AhnLab\Smart Update Utility\NLS\ASD0804.nls]  [AhnLab, Inc., 5, 0, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1048][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1356][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 3]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1312][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 3956][C:\Program Files\AhnLab\AhnLab SpyZero 2.0\AszMon.exe]  [AhnLab, Inc., 2, 0, 0, 71]
    [C:\Program Files\AhnLab\AhnLab SpyZero 2.0\AszLog.dll]  [AhnLab, Inc., 2, 0, 0, 41]
    [C:\Program Files\AhnLab\AhnLab SpyZero 2.0\ACALogE.dll]  [AhnLab, Inc., 1, 0, 0, 18]
    [C:\Program Files\AhnLab\AhnLab SpyZero 2.0\ahni18n2.dll]  [AhnLab, Inc., 6, 1, 0, 4]
    [C:\Program Files\AhnLab\AhnLab SpyZero 2.0\aszctrl.dll]  [AhnLab, Inc., 2, 0, 0, 93]
    [C:\Program Files\AhnLab\AhnLab SpyZero 2.0\AhnInst.dll]  [AhnLab, Inc., 6, 0, 0, 54]
    [C:\Program Files\AhnLab\AhnLab SpyZero 2.0\ASZFlt.dll]  [AhnLab, Inc, 2, 2, 0, 1]
    [C:\Program Files\AhnLab\AhnLab SpyZero 2.0\AhnCtlKD.dll]  [AhnLab, Inc., 1, 0, 1, 7]
    [C:\Program Files\AhnLab\AhnLab SpyZero 2.0\AszWL.dll]  [AhnLab, Inc., 2, 0, 0, 21]
    [C:\Program Files\AhnLab\AhnLab SpyZero 2.0\AszEnc.dll]  [AhnLab, Inc., 2, 0, 0, 11]
    [C:\Program Files\AhnLab\AhnLab SpyZero 2.0\AszDMZ.dll]  [AhnLab, Inc., 2, 0, 0, 17]
    [C:\Program Files\AhnLab\AhnLab SpyZero 2.0\Nls\ASZL0804.nls]  [AhnLab, Inc., 2, 0, 0, 19]
    [C:\Program Files\AhnLab\AhnLab SpyZero 2.0\Driver\ACALogDF.drv]  [AhnLab, Inc., 1, 0, 0, 13]
    [C:\Program Files\AhnLab\AhnLab SpyZero 2.0\system\62\AhnSZE.dll]  [AhnLab, Inc., 3, 0, 2, 11]
[PID: 2376][C:\Program Files\SAP\FrontEnd\Sapgui\saplogon.exe]  [SAP AG, Walldorf, 6402.2.3.978]
    [C:\Program Files\SAP\FrontEnd\Sapgui\saplgnui.dll]  [SAP AG, Walldorf, 6402.2.3.5]
    [C:\Program Files\SAP\FrontEnd\Sapgui\sappctxt.dll]  [SAP AG, Walldorf, 6400.2.0.19]
    [C:\Program Files\SAP\FrontEnd\Sapgui\sapfewtr.dll]  [SAP AG, Walldorf, 6402.2.3.222]
    [C:\Program Files\SAP\FrontEnd\Sapgui\sapfewut.dll]  [SAP AG, Walldorf, 6402.2.3.258]
    [C:\Program Files\SAP\FrontEnd\Sapgui\sapthmcust.dll]  [SAP AG, Walldorf, 6402.2.3.1011]
    [C:\Program Files\SAP\FrontEnd\Sapgui\sapfewrm.dll]  [SAP AG, Walldorf, 6402.2.3.332]
    [C:\Program Files\SAP\FrontEnd\Sapgui\sapfewcx.dll]  [SAP AG, Walldorf, 6400.2.0.208]
    [C:\Program Files\SAP\FrontEnd\Sapgui\saplgdll.dll]  [SAP AG, Walldorf, 6402.2.3.964]
    [C:\Program Files\SAP\FrontEnd\Sapgui\sapdpams.dll]  [SAP AG, Walldorf, 6400.2.0.0815]
    [C:\Program Files\SAP\FrontEnd\Sapgui\sapshlib.dll]  [SAP AG, Walldorf, 6402.2.3.43]
    [C:\Program Files\SAP\FrontEnd\Sapgui\sapguilib.dll]  [SAP AG, Walldorf, 6402.2.3.8966]
    [C:\Program Files\SAP\FrontEnd\Sapgui\sapfront.dll]  [SAP AG, Walldorf, 6402.2.3.2923]
    [C:\Program Files\SAP\FrontEnd\Sapgui\sapfewed.dll]  [SAP AG, Walldorf, 6400.2.0.9]
    [C:\Program Files\SAP\FrontEnd\Sapgui\sapfewcls.dll]  [SAP AG, Walldorf, 6402.2.3.004]
    [C:\Program Files\SAP\FrontEnd\Sapgui\sapfewnls.dll]  [SAP AG, Walldorf, 6402.2.3.016]
    [C:\Program Files\SAP\FrontEnd\Sapgui\sapfewdr.dll]  [SAP AG, Walldorf, 6402.2.3.214]
    [C:\Program Files\SAP\FrontEnd\Sapgui\sapfdraw.dll]  [SAP AG, Walldorf, 6402.2.3.252]
    [C:\Program Files\SAP\FrontEnd\Sapgui\sapthmdrw.dll]  [SAP AG, Walldorf, 6402.2.3.102]
    [C:\Program Files\SAP\FrontEnd\Sapgui\sapfewdp.dll]  [SAP AG, Walldorf, 6402.2.3.68]
    [C:\Program Files\SAP\FrontEnd\Sapgui\sapawrfc.dll]  [SAP AG, Walldorf, 6402.2.3.238]
    [C:\Program Files\SAP\FrontEnd\Sapgui\sapawole.dll]  [SAP AG, Walldorf, 6402.2.3.223]
    [C:\WINDOWS\system32\LIBRFC32.dll]  [SAP AG, 6402, 2, 35, 4454]
    [C:\Program Files\SAP\FrontEnd\Sapgui\sapfewcb.dll]  [SAP AG, Walldorf, 6402.2.3.212]
    [C:\Program Files\SAP\FrontEnd\Sapgui\sapfewui.dll]  [SAP AG, Walldorf, 6402.2.3.344]
    [C:\Program Files\SAP\FrontEnd\Sapgui\sapfctrl.dll]  [SAP AG, Walldorf, 6402.2.3.283]
    [C:\Program Files\SAP\FrontEnd\Sapgui\sapapihk.dll]  [SAP AG, 1, 0, 0, 5]
    [C:\Program Files\SAP\FrontEnd\Sapgui\gngmb.dll]  [SAP AG, Walldorf, 6402.2.3.1007]
    [C:\Program Files\SAP\FrontEnd\Sapgui\sapfhook.dll]  [SAP AG, Walldorf, 6402.2.3.206]
    [C:\Program Files\SAP\FrontEnd\Sapgui\sapcpp45.dll]  [SAP AG, 6400, 17, 0, 30013]
    [c:\program files\sap\frontend\sapgui\sapdatap.ocx]  [SAP AG, Walldorf, 6402.2.3.238]
    [C:\Program Files\SAP\FrontEnd\SapGui\sapguisv.ocx]  [SAP AG, Walldorf, 6400.2.0.236]
    [C:\WINDOWS\system32\sapbtmp.dll]  [SAP AG, Walldorf, 6402.2.3.1309]
    [C:\Program Files\SAP\FrontEnd\Sapgui\guixt.dll]  [Synactive GmbH  www.synactive.com, 2004.2.1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [c:\program files\sap\frontend\sapgui\sapguirm.ocx]  [SAP AG, Walldorf, 6402.2.3.210]
    [C:\Program Files\SAP\FrontEnd\SapGui\saptabcn.ocx]  [SAP AG, Walldorf, 6400.2.0.223]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\Program Files\SAP\FrontEnd\SapGui\sapcltfc.ocx]  [SAP AG, Walldorf, 6400.2.0.101]
[PID: 1952][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 4032][C:\KAV2006\KWatch.EXE]  [Kingsoft Corporation, 2005, 9, 27, 51]
    [C:\KAV2006\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\KAV2006\KAEPlat.DLL]  [Kingsoft Corp., 2004, 11, 26, 53]
    [C:\KAV2006\KAEMem.DAT]  [Kingsoft, 2004, 11, 9, 11]
[PID: 3932][C:\KAV2006\KPfwSvc.EXE]  [Kingsoft Corporation, 2005, 9, 5, 28]
[PID: 2272][C:\KAV2006\KMailMon.EXE]  [Kingsoft Corporation, 2005, 10, 8, 85]
    [C:\KAV2006\KAntiSpm.dll]  [N/A, 1, 0, 0, 2]
    [C:\KAV2006\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\KAV2006\KAECall2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 7]
    [C:\KAV2006\KAEPlat.DLL]  [Kingsoft Corp., 2004, 11, 26, 53]
    [C:\KAV2006\KAEMem.DAT]  [Kingsoft, 2004, 11, 9, 11]
    [C:\KAV2006\KAConfig.DLL]  [Kingsoft Corporation, 2005, 3, 23, 30]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 2404][C:\KAV2006\KPFW32.EXE]  [Kingsoft Corporation, 2005, 11, 22, 606]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\KAV2006\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\KAV2006\KAConfig.DLL]  [Kingsoft Corporation, 2005, 3, 23, 30]
    [C:\KAV2006\FiltList.dll]  [N/A, N/A]
    [C:\KAV2006\KAVPassp.DLL]  [Kingsoft Corporation, 2005, 11, 22, 221]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\KAV2006\KAEPlat.DLL]  [Kingsoft Corp., 2004, 11, 26, 53]
    [C:\KAV2006\KAEMem.DAT]  [Kingsoft, 2004, 11, 9, 11]
[PID: 2836][C:\KAV2006\KAV32.exe]  [Kingsoft Corporation, 2005, 11, 24, 2008]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\KAV2006\KAV32Res.dll]  [Kingsoft Corporation, 2005, 11, 22, 22]
    [C:\KAV2006\KAEPlat.DLL]  [Kingsoft Corp., 2004, 11, 26, 53]
    [C:\KAV2006\KAEMem.DAT]  [Kingsoft, 2004, 11, 9, 11]
    [C:\KAV2006\KAConfig.DLL]  [Kingsoft Corporation, 2005, 3, 23, 30]
    [C:\KAV2006\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\KAV2006\KAVPassp.DLL]  [Kingsoft Corporation, 2005, 11, 22, 221]
    [C:\KAV2006\DBAgent.DLL]  [Kingsoft Corporation, 2005, 10, 27, 9]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 3464][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\KAV2006\KAVAFish.DLL]  [Kingsoft Corporation, 2006, 10, 25, 27]
[PID: 2816][C:\KAV2006\KAVStart.EXE]  [Kingsoft Corporation, 2006, 11, 10, 212]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\KAV2006\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\KAV2006\SvcTimer.DLL]  [Kingsoft Corporation, 2006.12.22.84]
    [C:\KAV2006\PopSprt3.dll]  [Kingsoft Corporation, 2006, 9, 26, 38]
    [C:\KAV2006\KAVPassp.dll]  [Kingsoft Corporation, 2005, 11, 22, 221]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 2088][E:\software\灰鸽子木马专杀\HijackThis 1.99.0\HijackThis1991汉化版\HijackThis1991zww.exe]  [Soeperman Enterprises Ltd., 1.99.0001]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 3512][C:\WINDOWS\system32\msiexec.exe]  [Microsoft Corporation, 3.1.4000.1823]
[PID: 2964][C:\Downloads\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
109.10.1.17    bjdccs
127.0.0.1      localhost

==================================
API HOOK
警告!System Repair Engineer 提醒
你下面的函数内容与预期值不符,他
们可能被一些恶意的软件所修改:
入口点错误:LoadLibraryExW

==================================


[/CODE]

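Recently many computers at my company were also infected with this virus. After updating Rising to the latest version I finally managed to kill it, but the scan took a long time, so I looked online for a manual removal method. Rising reports it as Gray Pigeon (灰鸽子); I don't know whether that is a false positive. I'm posting the manual removal material I found; it will definitely solve this problem.


The final solution for the suspicious IEXPLORE.EXE process!
Signs of infection by this virus:
1. When booting to the desktop, an iexplore.exe or IEXPLORE.EXE process is created under the user name system; it not only uses a large amount of memory, but also replicates itself every few seconds!
2. It is deeply hidden and not easily noticed by the user. Locating the process always points to the normal C:\Program Files\Internet Explorer\IEXPLORE.EXE
It has been confirmed that this process is in fact related in some way to twunk32.exe.
Manually removing twunk32.exe:
1. Click Start, then Run. Type regedit and press Enter. Clean up the registry:
(1) Expand: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
Delete: "load"=""  (when this entry is hit, it mainly shows up as an image)
(2) Expand: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
Delete: "twin"="c:\\windows\\system32\\twunk32.exe"
2. Reboot. Show hidden files.
3. Delete c:\windows\system32\twunk32.exe.
4. Uninstall QQ and reinstall it, because TIMPlatform.exe in the QQ folder has been overwritten by the virus; alternatively, deleting TIMPlatform.exe also works. This is very important!

    Why do this? Because the virus monitors and modifies the registry and also sets itself as a startup item; other tools such as Trojan Killer (木马杀客), malware cleanup tools (恶意软件清理), 360 Safe (360安全) and Huangshan (黄山) cannot kill it completely. The virus resides inside Tencent's chat software QQ; even if you reinstall or restore the system, it is useless unless you delete QQ, because the virus is inside QQ: there is a hidden file, and running QQ causes infection. Reinstalling QQ is also ineffective; the entire QQ directory must be deleted. So the steps are as follows:
    1. Reinstall or restore the system,
    2. Delete the entire QQ directory directly,
    After the restore, reinstall a clean copy of the original QQ program, and that's it.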
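
The registry checks from the post above, run against the startup section of an SREng-style report instead of by hand in regedit. This is an added example, not part of the original post: the sample report is constructed, the function names are hypothetical, and flagging the `load` value only when it is non-empty is an assumption.

```python
import re

# Indicators named in the post above; matching is case-insensitive.
LOAD_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows"
POLICY_RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run"
SUSPECT_FILE = "twunk32.exe"

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")              # [HKEY_...\Run]
ENTRY_RE = re.compile(r"^\s+<([^>]*)><(.*)>\s+\[(.*)\]\s*$")  # <name><value>  [signer]

def parse_autoruns(report):
    """Yield (key, name, value, signer) for each registry autorun line."""
    key = None
    for line in report.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            yield (key,) + m.groups()

def findings(report):
    """Return (key, name, value, reason) for entries the post calls out."""
    hits = []
    for key, name, value, _signer in parse_autoruns(report):
        k = key.lower()
        if SUSPECT_FILE in value.lower():
            hits.append((key, name, value, "references " + SUSPECT_FILE))
        elif k == POLICY_RUN_KEY.lower():
            hits.append((key, name, value, "autorun under policies\\Explorer\\Run"))
        elif k == LOAD_KEY.lower() and name.lower() == "load" and value.strip():
            # Assumption: an empty load value is left alone, only a set one is flagged.
            hits.append((key, name, value, "non-empty legacy 'load' value"))
    return hits

# Constructed sample in the report's layout; not taken from the thread's log.
SAMPLE = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><C:\WINDOWS\example.scr>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
    <twin><c:\windows\system32\twunk32.exe>  [N/A]
"""

if __name__ == "__main__":
    for key, name, value, reason in findings(SAMPLE):
        print(f"{reason}: [{key}] {name} = {value}")
```
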



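Quote:
[Post by 花花公子与小赖虫]  Recently many computers at my company were also infected with this virus. After updating Rising to the latest version I finally managed to kill it, but the scan took a long time, so I looked online for a manual removal method. Rising reports it as Gray Pigeon (灰鸽子); I don't know whether that is a false positive. I'm posting the manual removal material I found; it will definitely solve this problem.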





………………

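Thank you very much!! I've noted down what you posted. Fortunately, what I got may be different from yours, so nothing was found.
At this point it can be said that this was probably a bug in Rising: a false positive in the December 29 version, before updating; after updating to the January 4 version it no longer occurs.
Thank you very much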