瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 真是邪得很,还是没防住,帮我看看,中木马了!

12   1  /  2  页   跳转

真是邪得很,还是没防住,帮我看看,中木马了!

收藏
andyguo
头像
初生襁褓狮
  • 帖子:16
  • 注册: 2007-05-08
  • 来自:
发表于: 2007-05-12 12:19 | 只看楼主 短消息 资料
字号: 1楼

真是邪得很,还是没防住,帮我看看,中木马了!

真是邪得很,还是没防住,帮我看看,中木马了!

[CODE]

2007-05-12,11:56:54

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <KavPFW><"C:\KAV2007\KPFW32.EXE">  [Kingsoft Corporation]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <SoundMAXPnP><C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe>  [Analog Devices, Inc.]
    <SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray>  [Analog Devices, Inc.]
    <ShareShield><D:\Program Files\ChinaStar\ShareShield\ssgui.exe -auto>  []
    <KavStart><"C:\KAV2007\KAVStart.exe" -startup>  [Kingsoft Corporation]
    <Microsoft Pinyin IME Migration><C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL>  [(Verified)Microsoft Corporation]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Publisher]
    <Google IME Autoupdater><C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe>  [(Verified)Google Inc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\UserInit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
  <"C:\KAV2007\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
  <C:\KAV2007\KWatch.EXE><Kingsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>

==================================
驱动程序
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[ati2mtag / ati2mtag][Stopped/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[Ctrl2cap / Ctrl2cap][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\Ctrl2cap.sys><N/A>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[KNetWch / KNetWch][Running/System Start]
  <\??\C:\KAV2007\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[MidiSyn / MidiSyn][Stopped/Manual Start]
  <system32\drivers\MidiSyn.sys><Analog Devices, Inc.>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Program Files\Tencent\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[oreans32 / oreans32][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\oreans32.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[senfilt / senfilt][Running/Manual Start]
  <system32\drivers\senfilt.sys><Sensaura>
[ShareShield Filter Miniport / SFilter][Running/Manual Start]
  <system32\DRIVERS\ssfilter.sys><Microsoft Corporation>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>

==================================
浏览器加载项
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[CBrowseStakeout Class]
  {55302805-482E-470E-8A57-6795A1487F90} <C:\KAV2007\KAVAFish.DLL, Kingsoft Corporation>
[FlashGet GetFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <d:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL, Microsoft Corporation>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[快车]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <d:\Program Files\FlashGet\FlashGet.exe, FlashGet.com>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[TVAnts ActiveX Control]
  {4C833081-D026-4FF8-968F-7EAB660D2FBA} <C:\PROGRA~1\TVAntsX\TvantsX.ocx, Zhejiang University>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[金山毒霸在线产品升级]
  {E847C78C-C210-4195-8799-FBF3BF89797D} <C:\PROGRA~1\KOS\KOSInit.OCX, 金山软件股份有限公司>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[CBrowseStakeout Class]
  {55302805-482E-470E-8A57-6795A1487F90} <C:\KAV2007\KAVAFish.DLL, Kingsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[FlashGet GetFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <d:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[FGCatchUrl]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <D:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[&V使用Vagaa哇嘎下载]
  <D:\Program Files\Vagaa\Data\vg.htm, N/A>
[&使用快车(FlashGet)下载]
  <D:\Program Files\FlashGet\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
  <D:\Program Files\FlashGet\jc_all.htm, N/A>
[上传到QQ网络硬盘]
  <D:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[使用Web迅雷下载]
  <C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[导出到 Microsoft Excel(&X)]
  <res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\Tencent\qq\SendMMS.htm, N/A>
[金山毒霸反钓鱼...]
  <C:\KAV2007\KAF\ShowSet.htm, N/A>
最后编辑2007-05-13 23:29:22
分享到:
gototop
 
andyguo
头像
初生襁褓狮
  • 帖子:16
  • 注册: 2007-05-08
  • 来自:
发表于: 2007-05-12 12:21 | 只看楼主 短消息 资料
字号: 2楼

==================================
正在运行的进程
[PID: 356][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 424][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1492][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Internet Explorer\PLUGINS\HiJack.dll]  [Microsoft Corporation, 1. 0. 0. 1]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\wdso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\woso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\ztso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\fyso0.dll]  [N/A, ]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\qjso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\wmso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\wgso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\wlso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\jtso0.dll]  [N/A, ]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\rxso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\tlso0.dll]  [N/A, ]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.6693]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.6693]
    [C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll]  [, 2, 0, 0, 0]
    [C:\WINDOWS\system32\nvshell.dll]  [NVIDIA Corporation, 6.14.10.6693]
    [C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
[PID: 1444][C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe]  [Analog Devices, Inc., 5, 0, 2, 2]
    [C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll]  [Analog Devices, Inc., 5, 0, 3, 000]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
[PID: 1728][D:\Program Files\ChinaStar\ShareShield\ssgui.exe]  [, 2, 1, 0, 0]
    [D:\Program Files\ChinaStar\ShareShield\winfw.dll]  [N/A, ]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [D:\Program Files\ChinaStar\ShareShield\ssnet.dll]  [ShareShield, 1, 0, 0, 1]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\tlso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\rxso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\jtso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\qjso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\wmso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\wgso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\wlso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\fyso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\ztso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\woso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\wdso0.dll]  [N/A, ]
[PID: 1736][C:\KAV2007\KAVStart.exe]  [Kingsoft Corporation, 2007, 4, 9, 269]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [C:\KAV2007\SvcTimer.DLL]  [Kingsoft Corporation, 2006.12.22.84]
    [C:\KAV2007\KAVPassp.dll]  [Kingsoft Corporation, 2006, 12, 30, 271]
    [C:\KAV2007\PopSprt3.dll]  [Kingsoft Corporation, 2007, 1, 16, 45]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
[PID: 1796][C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe]  [Google Inc., 1, 0, 0, 1]
    [C:\WINDOWS\system32\GooglePinyin.ime]  [Google Inc., ]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
[PID: 556][C:\KAV2007\KMailMon.EXE]  [Kingsoft Corporation, 2007, 2, 25, 948]
    [C:\KAV2007\KAntiSpm.dll]  [Kingsoft Corporation, 2007, 2, 25, 129]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [C:\KAV2007\KAECall2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 7]
    [C:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2007, 2, 4, 61]
    [C:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [C:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corp., 2007, 4, 12, 116]
    [C:\KAV2007\KAConfig.DLL]  [Kingsoft Corporation, 2007, 1, 11, 41]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
[PID: 1160][C:\KAV2007\KPFW32.EXE]  [Kingsoft Corporation, 2007, 2, 2, 687]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [C:\KAV2007\KAConfig.DLL]  [Kingsoft Corporation, 2007, 1, 11, 41]
    [C:\KAV2007\FiltList.dll]  [N/A, ]
    [C:\KAV2007\KAVPassp.DLL]  [Kingsoft Corporation, 2006, 12, 30, 271]
    [C:\KAV2007\KAScript.DLL]  [Kingsoft Corporation, 2007, 3, 6, 75]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\tlso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\rxso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\jtso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\qjso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\wmso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\wgso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\wlso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\fyso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\ztso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\woso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\wdso0.dll]  [N/A, ]
[PID: 1292][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
[PID: 2468][C:\progra~1\intern~1\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [D:\Program Files\FlashGet\jccatch.dll]  [www.flashget.com, 1, 8, 1, 1006]
    [C:\KAV2007\KAVAFish.DLL]  [Kingsoft Corporation, 2006, 10, 25, 27]
    [d:\Program Files\FlashGet\getflash.dll]  [www.flashget.com, 1, 8, 1, 1002]
[PID: 852][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [D:\Program Files\FlashGet\jccatch.dll]  [www.flashget.com, 1, 8, 1, 1006]
    [C:\KAV2007\KAVAFish.DLL]  [Kingsoft Corporation, 2006, 10, 25, 27]
    [d:\Program Files\FlashGet\getflash.dll]  [www.flashget.com, 1, 8, 1, 1002]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\tlso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\rxso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\jtso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\qjso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\wmso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\wgso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\wlso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\fyso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\ztso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\woso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\wdso0.dll]  [N/A, ]
    [C:\KAV2007\KAScript.DLL]  [Kingsoft Corporation, 2007, 3, 6, 75]
    [C:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2007, 2, 4, 61]
    [C:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [C:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corp., 2007, 4, 12, 116]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 3544][C:\KAV2007\KASMain.EXE]  [Kingsoft Corporation, 2007, 3, 17, 123]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\tlso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\rxso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\jtso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\qjso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\wmso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\wgso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\wlso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\fyso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\ztso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\woso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\wdso0.dll]  [N/A, ]
gototop
 
andyguo
头像
初生襁褓狮
  • 帖子:16
  • 注册: 2007-05-08
  • 来自:
发表于: 2007-05-12 12:22 | 只看楼主 短消息 资料
字号: 3楼

[PID: 3020][F:\sreng2-反IE劫持扫描\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\tlso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\rxso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\jtso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\qjso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\wmso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\wgso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\wlso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\fyso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\ztso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\woso0.dll]  [N/A, ]
    [C:\DOCUME~1\gfc\LOCALS~1\Temp\wdso0.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
gototop
 
枫笑九洲
头像
强壮不惑狮
  • 帖子:881
  • 注册: 2007-03-19
  • 来自:
发表于: 2007-05-12 13:10 | 短消息 资料
字号: 4楼

下载ICESWORD:http://www.onlinedown.net/soft/4523.htm
下载Winsockfix:http://www.onlinedown.net/soft/35272.htm


如下项目:


在sreng的启动项目里可以删

==========================================================================================
在SERng中 点 启动项目 --> 服务 --> 驱动程序或者服务 进入后 (勾选 隐藏已认证的微软项目),用

鼠标左键在对应要修复的项上单击 然后点“设置” 按钮即可(注意到最后弹出的窗口中要点 “NO 否”

才是确认删除驱动。)
删除如下项目:
[oreans32 / oreans32][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\oreans32.sys><N/A>


==========================================================================================
用冰刃强制删除以下文件:
C:\WINDOWS\system32\drivers\oreans32.sys
==========================================================================================
在注册表里搜索oreans32找到的所有项删,删不掉的用冰刃
==========================================================================================

清空临时文件夹里面的所有东西,包括
C:\Documents and Settings\<用户名>\Local Settings\Temp
C:\WINDOWS\TEMP
Internet临时文件夹(控制面板--〉“Internet选项”---〉“删除文件”---〉勾选“包括临时文件夹”

--〉确定)
==========================================================================================
如果发现无法上网请用刚才下载的WINSOCKFIX修复
gototop
 
火影忍者
头像
横据古稀狮
  • 帖子:7855
  • 注册: 2006-06-29
  • 来自:火星
发表于: 2007-05-12 13:18 | 短消息 资料
字号: 5楼

[oreans32 / oreans32][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\oreans32.sys><N/A>

这项不用删...
gototop
 
枫笑九洲
头像
强壮不惑狮
  • 帖子:881
  • 注册: 2007-03-19
  • 来自:
发表于: 2007-05-12 13:20 | 短消息 资料
字号: 6楼

引用:
【火影忍者的贴子】[oreans32 / oreans32][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\oreans32.sys><N/A>

这项不用删...
………………

这个不是病毒吗?
gototop
 
火影忍者
头像
横据古稀狮
  • 帖子:7855
  • 注册: 2006-06-29
  • 来自:火星
发表于: 2007-05-12 13:32 | 短消息 资料
字号: 7楼

不是..正常的..
gototop
 
枫笑九洲
头像
强壮不惑狮
  • 帖子:881
  • 注册: 2007-03-19
  • 来自:
发表于: 2007-05-12 13:34 | 短消息 资料
字号: 8楼

baidu上都说是病毒啊,

而且我的机器上原来有那个,删掉后也没见系统出什么事的
gototop
 
火影忍者
头像
横据古稀狮
  • 帖子:7855
  • 注册: 2006-06-29
  • 来自:火星
发表于: 2007-05-12 13:39 | 短消息 资料
字号: 9楼

不是的..那个是AntiARP Sniffer的驱动
gototop
 
loveperday
头像
初生襁褓狮
  • 帖子:824
  • 注册: 2007-05-11
  • 来自:
发表于: 2007-05-12 14:55 | 短消息 资料
字号: 10楼

这个病毒是随服务启动的?启动项里没看见。。
gototop
 
<<上一主题|下一主题>>
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT