瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 高手们来帮忙看一下~~急~急~急 附日志

1   1  /  1  页   跳转

高手们来帮忙看一下~~急~急~急 附日志

收藏
vishno
头像
初生襁褓狮
  • 帖子:18
  • 注册: 2007-03-31
  • 来自:
发表于: 2007-07-30 23:25 | 只看楼主 短消息 资料
字号: 1楼

高手们来帮忙看一下~~急~急~急 附日志

[CODE]

2007-07-30,23:07:35

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <iDuba Personal FireWall><C:\KAV6\Kavpfw.EXE>  [Kingsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <KAVRun><C:\KAV6\KAVRun.EXE>  [kingsoft]
    <Kulansyn><C:\KAV6\Kulansyn.EXE>  [Kingsoft Corp.]
    <KpopMon><C:\KAV6\KpopMon.EXE>  []
    <iDuba Personal FireWall><C:\KAV6\Kavpfw.EXE>  [Kingsoft Corporation]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Kingsoft AntiVirus Service / KAVSvc][Running/Auto Start]
  <C:\KAV6\KAVSvc.EXE><kingsoft Antivirus>
[LightScribeService Direct Disc Labeling Service / LightScribeService][Running/Auto Start]
  <"C:\Program Files\Common Files\LightScribe\LSSrvc.exe"><Hewlett-Packard Company>
[NBService / NBService][Stopped/Manual Start]
  <C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe><Nero AG>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[P4P Service / P4P Service][Running/Auto Start]
  <C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>

==================================
驱动程序
[a347bus / a347bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\a347bus.sys><>
[a347scsi / a347scsi][Running/Boot Start]
  <\SystemRoot\System32\Drivers\a347scsi.sys><>
[acpidisk / acpidisk][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[标准 IDE/ESDI 硬盘控制器 / atapi][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\atapi.sys><N/A>
[KNetWch / KNetWch][Running/System Start]
  <\??\C:\KAV6\KNetWch.SYS><金山电脑公司>
[KWatch / KWatch][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\KWatch.Sys><Kingsoft Corporation>
[KWatch2 / KWatch2][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\KWatch2.sys><Kingsoft Antivirus>
[mxdispdr / mxdispdr][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\mxdispdr.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[qipej / qipej][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\qipej.sys><N/A>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[UNIS USB PC Camera(ZC0301PL) / ZSMC301b][Running/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

==================================

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
最后编辑2007-07-31 08:36:51
分享到:
gototop
 
vishno
头像
初生襁褓狮
  • 帖子:18
  • 注册: 2007-03-31
  • 来自:
发表于: 2007-07-30 23:27 | 只看楼主 短消息 资料
字号: 2楼

浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\xunlei\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {11F09AFC-75AD-4E51-AB43-E09E9351CE16} <D:\xunlei\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, >
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\xunlei\Thunder.exe, Thunder Networking Technologies,LTD>
[金山快译(&K)]
  {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll, 金山软件股份有限公司>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\xunlei\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {11F09AFC-75AD-4E51-AB43-E09E9351CE16} <D:\xunlei\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, >
[InstallHelper Class]
  {1DABF8D5-8430-4985-9B7F-A30E53D709B3} <C:\Program Files\Tencent\QQLive\QQLiveInstaller.dll, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\xunlei\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[金山快译(&K)]
  {6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll, 金山软件股份有限公司>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[LiveMediaOcx Control]
  {9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} <C:\PROGRA~1\Tencent\QQLive\QQLive.ocx, Tencent>
[金山毒霸]
  {A9BE2902-C447-420A-BB7F-A5DE921E6138} <C:\KAV6\KAIEPlus.DLL, >
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__AVI Moniker Class]
  {CD3AFA88-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[]
  {E1FC9760-7B95-49CD-80B9-8C9E41017B93} <C:\KAV6\KAVEXT.DLL, Kingsoft Corp.>
[Vod Class]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <D:\xunlei\Components\DownAndPlay\DapPlayer1.0.0.41.dll, XunLei>
[&V使用Vagaa哇嘎下载]
  <D:\Vagaa\Data\vg.htm, N/A>
[使用迅雷下载]
  <D:\xunlei\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\xunlei\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
gototop
 
vishno
头像
初生襁褓狮
  • 帖子:18
  • 注册: 2007-03-31
  • 来自:
发表于: 2007-07-30 23:28 | 只看楼主 短消息 资料
字号: 3楼

正在运行的进程
[PID: 484 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 540 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 564 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\winlib0.dll]  [N/A, ]
    [C:\WINDOWS\system32\msplrct.dll]  [N/A, ]
[PID: 608 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 620 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 768 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 812 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 876 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[PID: 924 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1168 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\HP1005LM.DLL]  [Software 2000 Limited, 2.6]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\HP1005S.DLL]  [Hewlett-Packard , 1.0.0.1]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1005MT.DLL]  [Software 2000 Limited, 4.0.0.17]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1005MP.DLL]  [Software 2000 Limited, 4.0.0.17]
[PID: 1532 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\Ahead\Lib\NeroSearchBar.dll]  [Nero AG, 1, 2, 0, 13]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Ahead\Lib\NeroSearchTrayHook.dll]  [Nero AG, 1, 2, 0, 13]
    [C:\Program Files\Common Files\Ahead\Lib\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Ahead\Lib\BCGCBPRO800u.dll]  [BCGSoft Ltd, 8, 00, 0, 0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\KAV6\KMailFun.dll]  [Kingsoft Co., Ltd, 2005, 4, 28, 227]
    [C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll]  [Nero AG, 2, 0, 0, 8]
    [C:\Program Files\Common Files\Ahead\Lib\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.8205]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.8205]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
[PID: 1648 / Administrator][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 46]
    [C:\KAV6\KMailFun.dll]  [Kingsoft Co., Ltd, 2005, 4, 28, 227]
[PID: 1680 / Administrator][C:\KAV6\KpopMon.EXE]  [, 2004, 2, 2, 31]
    [C:\KAV6\KAVMLM.DLL]  [Kingsoft Corporation, 2003.11.12.10]
    [C:\KAV6\KMailFun.dll]  [Kingsoft Co., Ltd, 2005, 4, 28, 227]
[PID: 1720 / Administrator][C:\KAV6\KWatchUI.EXE]  [, 2004.1.6.119]
    [C:\KAV6\kavcomm.dll]  [Kingsoft Corporation, 2003, 11, 12, 66]
    [C:\KAV6\kavdlg.dll]  [, 2004.7.20.81]
    [C:\KAV6\KAVMLM.DLL]  [Kingsoft Corporation, 2003.11.12.10]
    [C:\KAV6\KMailFun.dll]  [Kingsoft Co., Ltd, 2005, 4, 28, 227]
    [C:\KAV6\RpcBrge.DLL]  [kingsoft, 2003, 11, 12, 64]
[PID: 1728 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\KAV6\KMailFun.dll]  [Kingsoft Co., Ltd, 2005, 4, 28, 227]
[PID: 1736 / Administrator][C:\KAV6\Kavpfw.EXE]  [Kingsoft Corporation, 2004, 8, 16, 295]
    [C:\KAV6\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\KAV6\KAVMLM.DLL]  [Kingsoft Corporation, 2003.11.12.10]
    [C:\KAV6\PFWScanC.dll]  [KingSoft, 2002, 4, 12, 3]
    [C:\KAV6\KAMsgBox.dll]  [, 2002.9.27.30]
    [C:\KAV6\NetShare.dll]  [Kingsoft Antivirus, 2004, 2, 20, 67]
    [C:\KAV6\KAEPlat.DLL]  [Kingsoft Corp., 2005, 12, 29, 56]
    [C:\KAV6\KAEMem.DAT]  [Kingsoft, 2006, 4, 12, 13]
    [C:\KAV6\KAEUnpack.DAT]  [Kingsoft Corp., 2006, 6, 15, 44]
    [C:\KAV6\KMailFun.dll]  [Kingsoft Co., Ltd, 2005, 4, 28, 227]
    [C:\KAV6\KAEQSCAN.DLL]  [Kingsoft Corp, 2004, 3, 26, 69]
    [C:\KAV6\KAVLogFn.dll]  [, 2003, 11, 26, 16]
[PID: 1916 / Administrator][C:\KAV6\MailMon.EXE]  [Kingsoft Co., Ltd, 2004, 2, 6, 245]
    [C:\KAV6\KMFilter.DLL]  [, 2004, 3, 1, 37]
    [C:\KAV6\parse822.dll]  [Quiksoft Corporation, 2, 0, 0, 9]
    [C:\KAV6\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\KAV6\KAVLogFn.dll]  [, 2003, 11, 26, 16]
    [C:\KAV6\KAVMLM.DLL]  [Kingsoft Corporation, 2003.11.12.10]
    [C:\KAV6\KAMsgBox.DLL]  [, 2002.9.27.30]
    [C:\KAV6\KAVComm.dll]  [Kingsoft Corporation, 2003, 11, 12, 66]
    [C:\KAV6\RpcBrge.DLL]  [kingsoft, 2003, 11, 12, 64]
    [C:\KAV6\KAVDlg.DLL]  [, 2004.7.20.81]
    [C:\KAV6\KAECall.DLL]  [Kingsoft Corporation, 2003, 11, 14, 66]
    [C:\KAV6\KAEScan.DLL]  [Kingsoft Corp., 2003, 5, 24, 36]
    [C:\KAV6\KAEPlat.DLL]  [Kingsoft Corp., 2005, 12, 29, 56]
    [C:\KAV6\KAEMem.DAT]  [Kingsoft, 2006, 4, 12, 13]
    [C:\KAV6\KAEUnpack.DAT]  [Kingsoft Corp., 2006, 6, 15, 44]
    [C:\KAV6\KMailFun.dll]  [Kingsoft Co., Ltd, 2005, 4, 28, 227]
[PID: 1992 / Administrator][C:\KAV6\KAVPlus.EXE]  [, 2004, 3, 3, 71]
    [C:\KAV6\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\KAV6\KMailFun.dll]  [Kingsoft Co., Ltd, 2005, 4, 28, 227]
[PID: 900 / SYSTEM][C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1005MC.EXE]  [Software 2000 Limited, 4.0.0.17]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1005MP.DLL]  [Software 2000 Limited, 4.0.0.17]
[PID: 1032 / SYSTEM][C:\KAV6\KAVSvc.EXE]  [kingsoft Antivirus, 2003, 11, 12, 70]
    [C:\KAV6\SvcComm.dll]  [kingsoft Antivirus, 2004, 7, 28, 1]
    [C:\KAV6\SvcTimer.DLL]  [Kingsoft, 2004.4.29.79]
    [C:\KAV6\KavComm.dll]  [Kingsoft Corporation, 2003, 11, 12, 66]
    [C:\KAV6\RpcBrge.DLL]  [kingsoft, 2003, 11, 12, 64]
    [C:\KAV6\KWatchFn2.dll]  [kingsoft Corporation, 2004, 8, 24, 25]
    [C:\KAV6\KAEPlat.DLL]  [Kingsoft Corp., 2005, 12, 29, 56]
    [C:\KAV6\KAEMem.DAT]  [Kingsoft, 2006, 4, 12, 13]
    [C:\KAV6\KAEUnpack.DAT]  [Kingsoft Corp., 2006, 6, 15, 44]
    [C:\KAV6\KAVUtils.dll]  [Kingsoft Corp, 2004, 2, 12, 69]
    [C:\KAV6\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\KAV6\KAVDlg.DLL]  [, 2004.7.20.81]
    [C:\KAV6\KAVLogFn.dll]  [, 2003, 11, 26, 16]
[PID: 1100 / SYSTEM][C:\Program Files\Common Files\LightScribe\LSSrvc.exe]  [Hewlett-Packard Company, 1.4.124.1]
    [C:\Program Files\Common Files\LightScribe\LSSProxy.dll]  [Hewlett-Packard Company, 1.4.124.1]
    [C:\Program Files\Common Files\LightScribe\LSLog.dll]  [Hewlett-Packard Company, 1.4.124.1]
    [C:\Program Files\Common Files\LightScribe\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [C:\Program Files\Common Files\LightScribe\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
[PID: 1152 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.8205]
[PID: 1380 / SYSTEM][C:\Program Files\Common Files\Sogou PXP\p2psvr.exe]  [Sohu.com Inc., 2, 0, 0, 32]
    [d:\Program Files\Sogou PXP\vodsvr.dll]  [Sohu.com Inc., 2, 4, 3, 2]
    [d:\Program Files\Sogou PXP\pxpnet.dll]  [Sohu.com Inc., 2, 0, 0, 18]
    [d:\Program Files\Sogou PXP\p2pclient.dll]  [Sohu.com Inc., 2, 9, 1, 14]
[PID: 1476 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1784 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 504 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 848 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2636 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[PID: 2740 / NETWORK SERVICE][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3256 / Administrator][D:\扫描日志\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\KAV6\KMailFun.dll]  [Kingsoft Co., Ltd, 2005, 4, 28, 227]
    [D:\扫描日志\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1648, C:\WINDOWS\SOUNDMAN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1680, C:\KAV6\KPOPMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1720, C:\KAV6\KWATCHUI.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1736, C:\KAV6\KAVPFW.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1736, C:\KAV6\KAVPFW.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1916, C:\KAV6\MAILMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1916, C:\KAV6\MAILMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1992, C:\KAV6\KAVPLUS.EXE]

==================================
API HOOK
入口点错误:LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: C:\KAV6\KMailFun.dll)

==================================
隐藏进程
N/A

==================================


[/CODE]
gototop
 
Enao2005
头像
版主
  • 帖子:2112
  • 注册: 2004-12-02
  • 来自:
发表于: 2007-07-31 08:47 | 短消息 资料
字号: 4楼

删除驱动服务
[mxdispdr / mxdispdr][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\mxdispdr.sys><N/A>

安全模式下删除
C:\Program Files\Common Files\CPUSH
[C:\WINDOWS\system32\winlib0.dll] [N/A, ]
[C:\WINDOWS\system32\msplrct.dll]
C:\WINDOWS\system32\drivers\mxdispdr.sys

删除不掉的文件尝试用XDelBox1.3删除(enao.ys168.com 下载)
打开XDelBox1.3==>在 文件路径 填上文件具体路径==>点 添加==>勾选上 抑制再生==>选中 列表中的文件 点 右键(若要一次性删除多个文件,可以按住键盘的Ctrl,进行多选)==>立刻重启执行删除
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT