
[Help] My machine got hit by 8 trojans at once, and I can't get rid of them no matter what


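Yesterday my machine inexplicably picked up 8 viruses, most of them trojans, including the WSTTRS password-stealing trojan, the MPPDS trojan and others. I use Kingsoft Antivirus (金山毒霸), but even after updating it, it still cannot remove these nasty viruses. Could any of the experts here suggest a good approach?
Last edited 2007-03-27 11:15:14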

Will that be enough to kill the trojans?
I just looked it up online. SRE is an intelligent scanning tool, right?

[CODE]

2007-03-27,10:15:40

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <PhMain><C:\Program Files\PeanutHull3\Phmain.exe>  [广东网域]
    <KavPFW><"C:\KAV2007\KPFW32.EXE">  [Kingsoft Corporation]
    <t3qe><C:\DOCUME~1\aipu\LOCALS~1\Temp\iexpl0re.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <333><C:\Syswm1h\svchost.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    <NvCplDaemon><RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <NvMediaCenter><RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <AutoWatchDog><C:\CXRecord6\CXWatchDog.exe>  []
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <NeroFilterCheck><C:\WINNT\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <RestoreFound><C:\CXRecord6\Tools\RestoreFOUND.exe>  []
    <KavStart><"C:\KAV2007\KAVStart.exe" -startup>  [Kingsoft Corporation]
    <upxdnd><C:\DOCUME~1\aipu\LOCALS~1\Temp\zz.exe>  []
    <mppds><C:\WINNT\mppds.exe>  []
    <wsttrs><C:\WINNT\wsttrs.exe>  []
    <winform><C:\WINNT\winform.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <wins><wins.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\system32\Userinit.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{1A404685-7563-4d02-B0F6-58B308A406A9}><c:\program files\tencent\qq\eucwhgvn.dll>  [N/A]
    <{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk>  []
    <{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys>  []
    <{E25C29AB-12B9-4523-A53C-324B5FBA648C}><c:\program files\peanuthull3\gtbplnte.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cmdmant]
    <WinlogonNotify: cmdmant><msgcom.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Windows Media Player><C:\WINNT\system32\setup\wmpocm.exe /ShowWMP>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINNT\system32\ssmarque.scr>  [(Verified)Microsoft Windows 2000 Publisher]

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>

==================================
服务
[2BBC37A0 / 2BBC37A0][Stopped/Auto Start]
  <C:\WINNT\system32\2BBC37A0.EXE -service><N/A>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
  <"C:\KAV2007\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
  <C:\KAV2007\KWatch.EXE><Kingsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>
[PeanuthullCore / PeanuthullCore][Stopped/Auto Start]
  <C:\Program Files\PeanutHull3\PhCore.exe -service><广东网域>
[GrayPigeon / Server][Stopped/Auto Start]
  <C:\WINNT\Server.exe><N/A>
[COM+ Interface / svcmngr][Stopped/Auto Start]
  <C:\WINNT\system32\svcmngr.exe /s><N/A>
[Windows CreaterDown / WindowsDown][Stopped/Auto Start]
  <C:\WINNT\system32\Webrvet.exe><N/A>
[WPrinter / WPrinter][Stopped/Auto Start]
  <C:\WINNT\SYSTEM32\WPRINT.EXE><N/A>
[Audio Adapter / VGADown][Running/Auto Start]
  <C:\WINNT\avp.exe><N/A>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\kmsinput.sys><N/A>
[KNetWch / KNetWch][Running/System Start]
  <\??\C:\KAV2007\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/System Start]
  <\??\C:\WINNT\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PNX1500 / PNX1500][Running/Manual Start]
  <system32\DRIVERS\PNX1500.sys><Guangzhou Jinpeng Group Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PPPoE Protocol / RMSPPPOE][Running/Manual Start]
  <system32\DRIVERS\RMSPPPOE.SYS><Robert Schlabbach>
[WINIO / WINIO][Stopped/Manual Start]
  <\??\C:\WINNT\Downloaded Program Files\winio.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[NDIS5 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter / yukonw2k][Running/Manual Start]
  <system32\DRIVERS\yukonw2k.sys><Marvell Semiconductor Inc.>
[ATSpy / ATSpy][Running/Manual Start]
  <\??\C:\WINNT\system32\ATSpy.sys><N/A>

==================================
浏览器加载项
[CBrowseStakeout Class]
  {55302805-482E-470E-8A57-6795A1487F90} <C:\KAV2007\KAVAFish.DLL, Kingsoft Corporation>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINNT\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[Shockwave ActiveX Control]
  {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINNT\system32\macromed\Shockwave 10\Download.dll, Adobe Systems, Inc.>
[JinPeng KMH400 H264 Net Player-CXNewRecord Class]
  {84BC7EBE-A340-4AD5-8328-50EB96658E42} <C:\WINNT\Downloaded Program Files\CONFLICT.2\NetPlay2MV4.OCX, >
[BlueskyAudio Class]
  {BA0F088C-72C1-475A-92F8-42391DEF6961} <C:\WINNT\Downloaded Program Files\blueskyvoice.dll, 蓝天工作室(http://www.bluesky.cn)>
[PicUploadCtrl Class]
  {BF8C499A-AC6E-4F58-82EA-9E5FCC41C34B} <C:\WINNT\Downloaded Program Files\CONFLICT.1\PicUpload.dll, Sohu.com Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 192][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 152][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 128][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6970]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [c:\program files\tencent\qq\yrnlxypu.dll]  [N/A, ]
    [c:\program files\peanuthull3\ereflsuq.dll]  [N/A, ]
    [c:\program files\peanuthull3\gtbplnte.dll]  [N/A, ]
[PID: 220][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.6700]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 232][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.6902]
[PID: 412][C:\KAV2007\KWatch.EXE]  [Kingsoft Corporation, 2007, 2, 12, 84]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [C:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2007, 2, 4, 61]
    [C:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [C:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corp., 2007, 3, 7, 112]
    [C:\KAV2007\KAVQuara.DLL]  [Kingsoft Corporation, 2007, 1, 25, 1]
[PID: 448][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\ldmedia3.dll]  [N/A, ]
[PID: 484][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
    [C:\WINNT\system32\ldmedia3.dll]  [N/A, ]
[PID: 1320][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\AppPatch\AcLayers.DLL]  [Microsoft Corporation, 5.00.2195.6717]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, ]
    [c:\program files\peanuthull3\ereflsuq.dll]  [N/A, ]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Syswm1h\Ghook.dll]  [N/A, ]
    [C:\DOCUME~1\aipu\LOCALS~1\Temp\upxdnd.dll]  [N/A, ]
    [C:\WINNT\system32\mppds.dll]  [N/A, ]
    [C:\WINNT\system32\winform.dll]  [N/A, ]
    [C:\DOCUME~1\aipu\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\ldmedia3.dll]  [N/A, ]
    [c:\program files\peanuthull3\gtbplnte.dll]  [N/A, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\KAV2007\KAVEXT.DLL]  [Kingsoft Corporation, 2005, 8, 5, 16]
    [C:\WINNT\system32\nvshell.dll]  [NVIDIA Corporation, 6.14.10.5664]
    [C:\WINNT\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.5664]
    [C:\WINNT\system32\winabc.ime]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
[PID: 1336][C:\WINNT\system32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, ]
    [C:\WINNT\system32\wups.dll]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\WINNT\system32\wups2.dll]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\WINNT\system32\wucltui.dll]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\Syswm1h\Ghook.dll]  [N/A, ]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
[PID: 1796][C:\CXRecord6\CXWatchDog.exe]  [N/A, ]
[PID: 1676][C:\WINNT\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.0.12]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, ]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Syswm1h\Ghook.dll]  [N/A, ]
[PID: 1048][C:\KAV2007\KAVStart.exe]  [Kingsoft Corporation, 2007, 3, 5, 263]
    [C:\WINNT\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, ]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [C:\KAV2007\SvcTimer.DLL]  [Kingsoft Corporation, 2006.12.22.84]
    [C:\KAV2007\KAVPassp.dll]  [Kingsoft Corporation, 2006, 12, 30, 271]
    [C:\KAV2007\PopSprt3.dll]  [Kingsoft Corporation, 2007, 1, 16, 45]
    [C:\Syswm1h\Ghook.dll]  [N/A, ]
    [C:\WINNT\system32\ldmedia3.dll]  [N/A, ]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\DOCUME~1\aipu\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
[PID: 528][C:\WINNT\wsttrs.exe]  [N/A, ]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\wsttrs.dll]  [N/A, ]
[PID: 1680][C:\Syswm1h\svchost.exe]  [N/A, ]
    [C:\Syswm1h\Ghook.dll]  [N/A, ]
[PID: 1512][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, ]
    [C:\Syswm1h\Ghook.dll]  [N/A, ]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
[PID: 1304][C:\KAV2007\KPFW32.EXE]  [Kingsoft Corporation, 2007, 2, 2, 687]
    [C:\WINNT\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, ]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [C:\KAV2007\KAConfig.DLL]  [Kingsoft Corporation, 2007, 1, 11, 41]
    [C:\KAV2007\FiltList.dll]  [N/A, ]
    [C:\KAV2007\KAVPassp.DLL]  [Kingsoft Corporation, 2006, 12, 30, 271]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\Syswm1h\Ghook.dll]  [N/A, ]
[PID: 1348][C:\KAV2007\KMailMon.EXE]  [Kingsoft Corporation, 2007, 2, 25, 948]
    [C:\KAV2007\KAntiSpm.dll]  [Kingsoft Corporation, 2007, 2, 25, 129]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [C:\KAV2007\KAECall2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 7]
    [C:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2007, 2, 4, 61]
    [C:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [C:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corp., 2007, 3, 7, 112]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, ]
    [C:\KAV2007\KAConfig.DLL]  [Kingsoft Corporation, 2007, 1, 11, 41]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\Syswm1h\Ghook.dll]  [N/A, ]
[PID: 624][C:\KAV2007\KASMain.EXE]  [Kingsoft Corporation, 2007, 3, 17, 123]
    [C:\WINNT\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, ]
    [C:\DOCUME~1\aipu\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\Syswm1h\Ghook.dll]  [N/A, ]
    [C:\KAV2007\KAS\KASEngine.dll]  [Kingsoft Corporation, 2007, 2, 11, 107]
    [C:\KAV2007\KAS\KASData.dll]  [Kingsoft Corporation, 2007, 2, 11, 32]
    [C:\WINNT\system32\msxml3.dll]  [Microsoft Corporation, 8.30.9926.0]
    [C:\KAV2007\KAS\Extend\KASExt.KAS]  [Kingsoft Corporation, 2007, 3, 22, 118]
[PID: 1832][C:\WINNT\system32\conime.exe]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, ]
    [C:\Syswm1h\Ghook.dll]  [N/A, ]
[PID: 348][E:\mlj\智能扫描SRENG2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, ]
    [C:\Syswm1h\Ghook.dll]  [N/A, ]
    [C:\DOCUME~1\aipu\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
    C:\WINNT\system32\ldmedia3.dll(, N/A)
MSAFD Tcpip [RAW/IP]
    C:\WINNT\system32\ldmedia3.dll(, N/A)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件

==================================
API HOOK
入口点错误:LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: C:\KAV2007\KASocket.dll)

==================================
隐藏进程
N/A

==================================


[/CODE]