
[Help] I suspect my machine is infected. Here is an SR scan log, please take a look!!! Many thanks in advance!!!


PS: about the HOSTS file, I used Super Rabbit's web-protection tool (上网精灵) to block a few dozen malicious sites, haha.



2008-10-30,21:59:30
System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
    <H/PC Connection Agent><"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE">  [Microsoft Corporation]
    <Super Rabbit IEPro><C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD>  [Super Rabbit Soft]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Super Rabbit SRRestore><C:\Program Files\Super Rabbit\MagicSet\srrest.exe /autosave>  [Super Rabbit Soft]
    <Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
    <IME JPN 2007 Migration><C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe">  [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~2\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger><rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\ssmypics.scr>  [(Verified)Microsoft Windows Component Publisher]
==================================
启动文件夹
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
==================================
服务
[Kaspersky Internet Security / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r><Kaspersky Lab>
[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
  <C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[C-DillaSrv / C-DillaSrv][Running/Auto Start]
  <C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE><C-Dilla Ltd>
[HID Input Service / HidServ][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
  <"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><Microsoft Corporation>
==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[AmdK8 Compatible Device / AmdK8][Stopped/Manual Start]
  <System32\drivers\amdk8.sys><Advanced Micro Devices>
[CdaC15BA / CdaC15BA][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[corega FEtherII PCC-TXD LAN Card / CO2DPCX5][Stopped/Manual Start]
  <system32\DRIVERS\CO2DPCX5.sys><corega K.K.>
[d347bus / d347bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[Dritek Keyboard Filter Driver / DKbFltr][Running/Manual Start]
  <system32\DRIVERS\DKbFltr.sys><Dritek System Inc.>
[Yamaha DS1 Audio Driver (WDM) / ds1][Running/Manual Start]
  <system32\drivers\ds1wdm.sys><Yamaha Corp.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[Kaspersky Lab Boot Guard Driver / klbg][Running/Boot Start]
  <\SystemRoot\system32\drivers\klbg.sys><Kaspersky Lab>
[Kaspersky Lab KLFltDev / KLFLTDEV][Running/Manual Start]
  <system32\DRIVERS\klfltdev.sys><Kaspersky Lab>
[Kaspersky Lab Driver / KLIF][Running/System Start]
  <system32\DRIVERS\klif.sys><Kaspersky Lab>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Toshiba FIR Port Type-DO / OBOE][Running/Manual Start]
  <system32\DRIVERS\tos4mo.sys><TOSHIBA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Feitian ROCKEY4 Device Service / ROCKEYNT][Running/Manual Start]
  <system32\DRIVERS\Rockey4.sys><Feitian Technologies Co., Ltd.>
[Gigabyte RT2500 Wireless Driver / RT2500][Running/Manual Start]
  <system32\DRIVERS\RT2500.sys><Ralink Technology Inc.>
[%SAUSBHW.SvcDesc% / SAUSBHW][Stopped/Auto Start]
  <System32\Drivers\sausb.sys><>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[Sparrow / Sparrow][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[Tridkb / Tridkb][Running/Manual Start]
  <system32\DRIVERS\tridkbm.sys><Trident Microsystems Inc.>
==================================
浏览器加载项
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[IE to GetRight Helper]
  {31FF080D-12A3-439A-A2EF-4BA95A3148E8} <C:\Program Files\GetRight\xx2gr.dll, (Signed) Headlight Software, Inc.>
[IEVkbdBHO Class]
  {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll, (Signed) Kaspersky Lab>
[NXIECatcher Class]
  {83B80A9C-D91A-4F22-8DCF-EA7204039F79} <C:\Program Files\Xi\NetXfer\NXIEHelper.dll, Xi>
[Windows Live 登录帮助程序]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[Web 流量保护状态]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll, (Signed) Kaspersky Lab>
[启动WEB迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Office Genuine Advantage Validation Tool]
  {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\WINDOWS\system32\OGACheckControl.dll, (Signed) >
[Microsoft Genuine Advantage Self Support Tool]
  {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} <C:\WINDOWS\system32\SelfHelpControl.DLL, (Signed) Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[Office Update Installation Engine]
  {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[WebThunder Class]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, >
[Office Genuine Advantage Validation Tool]
  {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\WINDOWS\system32\OGACheckControl.dll, (Signed) >
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[IE2EMBHO Class]
  {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} <C:\Program Files\easyMule\modules\IE2EM.dll, (Signed) VeryCD.com>
[Fade]
  {16B280C5-EE70-11D1-9066-00C04FD9189D} <C:\WINDOWS\system32\Dxtmsft.dll, (Signed) Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, (Signed) Microsoft Corporation>
[Microsoft Genuine Advantage Self Support Tool]
  {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} <C:\WINDOWS\system32\SelfHelpControl.DLL, (Signed) Microsoft Corporation>
[]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[]
  {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <, >
[]
  {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <, >
[WebThunder DapPlayer]
  {2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <C:\Program Files\Thunder Network\WebThunder\DownAndPlay\DapPlayer3.0.5712.71.414.dll, ShenZhen Thunder Networking Technologies Ltd.>
[IE to GetRight Helper]
  {31FF080D-12A3-439A-A2EF-4BA95A3148E8} <C:\Program Files\GetRight\xx2gr.dll, (Signed) Headlight Software, Inc.>
[Microsoft Office Control]
  {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <C:\PROGRA~1\MICROS~2\OFFICE11\AUTHZAX.DLL, (Signed) Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[IEVkbdBHO Class]
  {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll, (Signed) Kaspersky Lab>
[]
  {635A7AFA-FB22-4A4E-8AB8-C85CFAB14626} <, >
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[NXIECatcher Class]
  {83B80A9C-D91A-4F22-8DCF-EA7204039F79} <C:\Program Files\Xi\NetXfer\NXIEHelper.dll, Xi>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, (Signed) 360.cn>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[CibaCtrl Class]
  {8DE0FCD4-5EB5-11D3-AD25-00002100131B} <C:\WINDOWS\system32\IEPlugin.dll, >
[Windows Live 登录帮助程序]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[]
  {962EFB8E-2683-42D4-AC74-AAA4C759B9C6} <, >
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, (Signed) Microsoft Corporation>
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\dapctrl.2.1.5801.53.(414).dll, ShenZhen Thunder Networking Technologies Ltd.>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
[]
  {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} <, >
[Office Update Installation Engine]
  {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[JoyoCtrl Class]
  {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} <C:\WINDOWS\system32\IEPlugin.dll, >
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks>
[Windows Live 登录控制]
  {D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\FlDbg10a.ocx, (Signed) Adobe Systems, Inc.>
[Microsoft Silverlight]
  {DFEAF541-F3E1-4C24-ACAC-99C30715084A} <C:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll, (Signed)  Microsoft Corporation>
[]
  {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGSC8~1.DLL, (Signed) Microsoft Corporation>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Scripting.Dictionary]
  {EE09B103-97E0-11CF-978F-00A02463E06F} <C:\WINDOWS\system32\scrrun.dll, (Signed) Microsoft Corporation>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.0.164.(414).dll, Thunder>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
["添加到卡巴斯基反广告"]
  <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm, N/A>
[Download with GetRight Pro]
  <C:\Program Files\GetRight\GRdownload.htm, N/A>
[Open with GetRight Pro Browser]
  <C:\Program Files\GetRight\GRbrowse.htm, N/A>
[使用WEB迅雷下载]
  <C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用WEB迅雷下载全部链接]
  <C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[使用电驴下载]
  <C:\Program Files\easyMule\IE2EM.htm, N/A>
[使用网络传送带下载]
  <C:\Program Files\Xi\NetXfer\NXAddLink.html, N/A>
[使用网络传送带下载全部链接]
  <C:\Program Files\Xi\NetXfer\NXAddList.html, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
==================================
正在运行的进程
[PID: 584 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 640 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 664 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 8.0.0.454]
[PID: 708 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.454]
[PID: 720 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.454]
[PID: 872 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.454]
[PID: 948 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.454]
[PID: 1032 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.454]
[PID: 1192 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.454]
[PID: 1564 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.454]
[PID: 1676 / Administrator][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINDOWS\system32\mp3infp.dll]  [win32lab.com, 2.54.5.0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.1.0.0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\Program Files\Corel\Corel Graphics 11\Programs\CdrIco110.dll]  [Corel Corporation, 11.704]
[PID: 512 / SYSTEM][C:\WINDOWS\system32\drivers\CDAC11BA.EXE]  [Macrovision, 4.20.020]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.454]
[PID: 532 / SYSTEM][C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE]  [C-Dilla Ltd, 3.25.010]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.454]
[PID: 684 / Administrator][C:\Program Files\360safe\safemon\360tray.exe]  [奇虎网, 5, 0, 0, 1002]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\Program Files\360safe\safemon\SafeKrnl.dll]  [奇虎网, 4, 3, 0, 1003]
    [C:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 4, 2, 0, 1001]
    [C:\Program Files\360safe\live.dll]  [360.cn, 1, 0, 1, 1028]
[PID: 1100 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.454]
[PID: 1116 / Administrator][C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE]  [Microsoft Corporation, 3.8.0.5004]
    [C:\WINDOWS\system32\CEUTIL.dll]  [Microsoft Corporation, 3.8.0.5004]
    [C:\WINDOWS\system32\RAPI.dll]  [Microsoft Corporation, 3.8.0.5004]
    [C:\Program Files\Microsoft ActiveSync\TCP2UDP.dll]  [Microsoft Corporation, 3.8.0.5004]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.454]
[PID: 1156 / Administrator][C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE]  [Super Rabbit Soft, 8.80]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8988]
    [C:\PROGRA~1\SUPERR~1\MagicSet\shlobj71.ocx]  [Sky Software (http://www.ssware.com), 7, 1, 0, 0]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
[PID: 612 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.454]
[PID: 3204 / SYSTEM][C:\WINDOWS\system32\dllhost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.454]
[PID: 3552 / NETWORK SERVICE][C:\WINDOWS\system32\msdtc.exe]  [(Verified) Microsoft Corporation, 2001.12.4414.700]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.454]
[PID: 3736 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 7.00.6000.16735 (vista_gdr.080820-1506)]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
    [C:\Program Files\GetRight\xx2gr.dll]  [Headlight Software, Inc., 6.3a]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Xi\NetXfer\NXIEHelper.dll]  [Xi, 2.22.310]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\scrchpg.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\klscav.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\prremote.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\prloader.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\prkernel.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky internet security 2009\params.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky internet security 2009\pxstub.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky internet security 2009\tempfile.ppl]  [Kaspersky Lab, 8.0.0.454]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [c:\program files\kaspersky lab\kaspersky internet security 2009\nfio.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky internet security 2009\fsdrvplg.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky internet security 2009\fssync.dll]  [Kaspersky Lab, 8.0.5.454]
    [c:\program files\kaspersky lab\kaspersky internet security 2009\basegui.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky internet security 2009\thpimpl.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky internet security 2009\winreg.ppl]  [Kaspersky Lab, 8.0.0.454]
[PID: 3032 / Administrator][C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe]  [Microsoft Corporation, 4.200.520.1]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
[PID: 3296 / Administrator][C:\Program Files\System Repair Engineer日志专业扫描\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
[PID: 928 / Administrator][C:\Program Files\System Repair Engineer日志专业扫描\SRE5adef2a7.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\Program Files\System Repair Engineer日志专业扫描\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

Re: I suspect I've been infected, ran an SR log scan, please help take a look!!! I would be extremely grateful!!!

<AppInit_DLLs><C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~2\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll>  [File is missing]

Judging from the part uploaded so far, it looks normal.

Re: I suspect I've been infected, ran an SR log scan, please help take a look!!! I would be extremely grateful!!!

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  Error. [AutoCADScriptFile]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1                    localhost
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 664, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1116, C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1156, C:\PROGRAM FILES\SUPER RABBIT\MAGICSET\SRIECLI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3296, C:\PROGRAM FILES\SYSTEM REPAIR ENGINEER日志专业扫描\SRENGLDR.EXE]
==================================
计划任务
[已启用] OGADaily.job
        C:\WINDOWS\system32\OGAVerify.exe
[已启用] OGALogon.job
        C:\WINDOWS\system32\OGAVerify.exe
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================