瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 启动QQ时,系统自带的画图工具自动打开,附日志!

1   1  /  1  页   跳转

[求助] 启动QQ时,系统自带的画图工具自动打开,附日志!

收藏
zzzwb
头像
快乐黄口狮
  • 帖子:161
  • 注册: 2006-01-22
  • 来自:
发表于: 2009-05-01 23:18 | 显示全部 短消息 资料
字号: 1楼

启动QQ时,系统自带的画图工具自动打开,附日志!

CODE]

2009-05-01,23:17:36

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <BigDog303><; C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)>  [File is missing]
    <AVP><"D:\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe">  [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <Alcmtr><anymie360.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><gjfcjmbc.dll,nlnbpejm.dll,egdgpoom.dll,fcpillae.dll,nbgfpkki.dll,lembjaac.dll,hgnfgemm.dll,ehaajeng.dll,gbmfjdha.dll,kmfehlam.dll,olckoele.dll,hkicplnf.dll,D:\KASPER~1\KASPER~1\mzvkbd.dll,D:\KASPER~1\KASPER~1\mzvkbd3.dll,D:\KASPER~1\KASPER~1\adialhk.dll,D:\KASPER~1\KASPER~1\kloehk.dll>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{9EF27EE4-4141-4E51-A118-6FCC570C8796}><C:\WINDOWS\Fonts\avxzjbgx.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
    <C:\WINDOWS\Fonts\avxzjbgx.dll><C:\WINDOWS\Fonts\avxzjbgx.dll>  []
    <03FC36BC><>  [N/A]
    <757B9E36><>  [N/A]
    <E0D09886><>  [N/A]
    <FC9255AE><>  [N/A]
    <7B0F9442><>  [N/A]
    <5E6B3AAC><C:\WINDOWS\system32\lembjaac.dll>  [File is missing]
    <107F0E66><>  [N/A]
    <E1AA3E70><>  [N/A]
    <0B6F3D1A><>  [N/A]
    <46FE15A6><>  [N/A]
    <85C48E5E><>  [N/A]
    <142C957F><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe]
    <IFEO[auto.exe]><AUTOGUARDER GUARDED.>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <360Safebox><; "C:\Program Files\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <Adobe Reader Speed Launcher><; "D:\Adobe Reader\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <AdobeUpdater><; C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe>  [(Verified)Adobe Systems Incorporated]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <amd_dc_opt><; C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe>  [AMD]
    <Grid Service><; "C:\Program Files\GridService\peer.exe" -n Grid>  [FS2YOU]
    <SkyTel><; SkyTel.EXE>  [Realtek Semiconductor Corp.]
    <StormCodec_Helper><; "d:\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <搜狐彩电网页版><; C:\Program Files\sohutv_web\SysTrayIcon.exe "C:\Program Files\sohutv_web" "e90bba3326d63ab8ce804dd2acff86de" "1.0.0.4" "">  [File is missing]
    <搜狐电视机网页版><; C:\Program Files\sohutv_web\SysTrayIcon.exe "C:\Program Files\sohutv_web" "e90bba3326d63ab8ce804dd2acff86de" "1.0.0.10" "">  [File is missing]

==================================
启动文件夹
N/A

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Kaspersky Internet Security / AVP][Running/Auto Start]
  <"D:\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r><Kaspersky Lab>
[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
  <C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Hotspot Shield Service / HotspotShieldService][Stopped/Auto Start]
  <><(File is missing)>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[nProtect GameGuard Service / npggsvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\GameMon.des -service><INCA Internet Co., Ltd.>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[PunkBuster / PnkBstrA][Stopped/Auto Start]
  <"F:\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe"><(File is missing)>
[Stormser / Stormser][Stopped/Auto Start]
  <><(File is missing)>

==================================
驱动程序
[AMD Processor Driver / AmdK8][Running/System Start]
  <system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[AMD Low Level Device Driver / AmdLLD][Running/Manual Start]
  <system32\DRIVERS\AmdLLD.sys><AMD, Inc.>
[RAS Asynchronous Media Driver / AsyncMac][Stopped/Manual Start]
  <system32\DRIVERS\asyncmac.sys><N/A>
[CdaC15BA / CdaC15BA][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[Kaspersky Lab Boot Guard Driver / klbg][Running/Boot Start]
  <\SystemRoot\system32\drivers\klbg.sys><Kaspersky Lab>
[Kaspersky Lab KLFltDev / KLFLTDEV][Running/Manual Start]
  <system32\DRIVERS\klfltdev.sys><Kaspersky Lab>
[Kaspersky Lab Driver / KLIF][Running/System Start]
  <system32\DRIVERS\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
  <system32\DRIVERS\klim5.sys><Kaspersky Lab>
[msiffei / msiffei][Stopped/Manual Start]
  <System32\Drivers\msiffei.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nvata / nvata][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvata.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
  <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[oreans32 / oreans32][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\oreans32.sys><N/A>
[StarForce Protection Environment Driver v6 / prodrv06][Running/System Start]
  <\SystemRoot\System32\drivers\prodrv06.sys><Protection Technology>
[StarForce Protection Helper Driver v2 / prohlp02][Running/Boot Start]
  <\SystemRoot\System32\drivers\prohlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver v1 / prosync1][Running/Boot Start]
  <\SystemRoot\System32\drivers\prosync1.sys><Protection Technology>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[StarForce Protection Helper Driver / sfhlp01][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfhlp01.sys><Protection Technology>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[TAP VPN Adapter / tapvpn][Running/Manual Start]
  <system32\DRIVERS\tapvpn.sys><The OpenVPN Project>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[vmfilter303 / vmfilter303][Stopped/Manual Start]
  <system32\drivers\vmfilter303.sys><Vimicro Corporation>
[NTPort Library Driver / zntport][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\zntport.sys><N/A>
[VIMICRO USB PC Camera / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><N/A>
[USB PC Camera (Vimicro301 Neptune) / ZSMC303][Stopped/Manual Start]
  <System32\Drivers\usbVM303.sys><N/A>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[IEVkbdBHO Class]
  {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <D:\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll, (Signed) Kaspersky Lab>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[网页流量保护状态]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll, (Signed) Kaspersky Lab>
[QuickTime Object]
  {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <d:\Ringz Studio\Storm Codec\QTSystem\QTPlugin.ocx, Apple Computer, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx, (Signed) Adobe Systems, Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <, >
[IEVkbdBHO Class]
  {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <D:\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll, (Signed) Kaspersky Lab>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx, (Signed) Adobe Systems, Inc.>
[&U使用纳米机器人下载并收藏]
  <D:\NamiRobot\Data\du.html, N/A>
[使用迅雷下载]
  <D:\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <, >
[添加到卡巴斯基反广告]
  <D:\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm, N/A>

==================================

用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
分享到:
gototop
 
zzzwb
头像
快乐黄口狮
  • 帖子:161
  • 注册: 2006-01-22
  • 来自:
发表于: 2009-05-01 23:18 | 显示全部 短消息 资料
字号: 2楼

回复:启动QQ时,系统自带的画图工具自动打开,附日志!

正在运行的进程
[PID: 1340 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1400 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1424 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KASPER~1\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.506]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 8.0.0.506]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
[PID: 1480 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KASPER~1\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.506]
[PID: 1492 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KASPER~1\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.506]
[PID: 1656 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KASPER~1\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.506]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
[PID: 1716 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KASPER~1\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.506]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
[PID: 1912 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KASPER~1\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.506]
    [C:\WINDOWS\System32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
[PID: 280 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KASPER~1\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.506]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
[PID: 628 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KASPER~1\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.506]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
[PID: 876 / Binwoo][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KASPER~1\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.506]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\WINDOWS\Fonts\avxzjbgx.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.1.0.0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.8421]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.8421]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [D:\Unlocker\UnlockerCOM.dll]  [N/A, ]
    [D:\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 120]
    [D:\WinRAR\rarext.dll]  [N/A, ]
    [D:\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll]  [Kaspersky Lab, 8.0.0.506]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [D:\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.34]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 952 / Binwoo][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KASPER~1\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.506]
    [C:\WINDOWS\Fonts\avxzjbgx.dll]  [, 1, 0, 0, 1]
[PID: 492 / SYSTEM][C:\WINDOWS\system32\drivers\CDAC11BA.EXE]  [Macrovision, 4.20.020]
    [D:\KASPER~1\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.506]
[PID: 540 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.8421]
    [D:\KASPER~1\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.506]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 568 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KASPER~1\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.506]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
[PID: 992 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
    [D:\KASPER~1\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.506]
[PID: 2368 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KASPER~1\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.506]
    [C:\WINDOWS\System32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
[PID: 3216 / Binwoo][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KASPER~1\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.506]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\avxzjbgx.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [D:\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.34]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll]  [Kaspersky Lab, 8.0.0.506]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [D:\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 120]
    [D:\Kaspersky Lab\Kaspersky Internet Security 2009\scrchpg.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\Kaspersky Lab\Kaspersky Internet Security 2009\klscav.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\Kaspersky Lab\Kaspersky Internet Security 2009\prremote.dll]  [Kaspersky Lab, 8.0.0.506]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [D:\Kaspersky Lab\Kaspersky Internet Security 2009\prloader.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\Kaspersky Lab\Kaspersky Internet Security 2009\prkernel.ppl]  [Kaspersky Lab, 8.0.0.506]
    [d:\kaspersky lab\kaspersky internet security 2009\params.ppl]  [Kaspersky Lab, 8.0.0.506]
    [d:\kaspersky lab\kaspersky internet security 2009\pxstub.ppl]  [Kaspersky Lab, 8.0.0.506]
    [d:\kaspersky lab\kaspersky internet security 2009\tempfile.ppl]  [Kaspersky Lab, 8.0.0.506]
    [d:\kaspersky lab\kaspersky internet security 2009\nfio.ppl]  [Kaspersky Lab, 8.0.0.512]
    [d:\kaspersky lab\kaspersky internet security 2009\fsdrvplg.ppl]  [Kaspersky Lab, 8.0.0.506]
    [d:\kaspersky lab\kaspersky internet security 2009\fssync.dll]  [Kaspersky Lab, 8.0.5.506]
    [d:\kaspersky lab\kaspersky internet security 2009\basegui.ppl]  [Kaspersky Lab, 8.0.0.506]
    [d:\kaspersky lab\kaspersky internet security 2009\thpimpl.ppl]  [Kaspersky Lab, 8.0.0.506]
    [d:\kaspersky lab\kaspersky internet security 2009\winreg.ppl]  [Kaspersky Lab, 8.0.0.506]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx]  [Adobe Systems, Inc., 10,0,12,36]
[PID: 1084 / Binwoo][C:\DOCUME~1\Binwoo\LOCALS~1\Temp\Rar$EX01.453\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [D:\KASPER~1\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.506]
[PID: 1868 / Binwoo][C:\DOCUME~1\Binwoo\LOCALS~1\Temp\Rar$EX01.453\SRE78cbe452.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [D:\KASPER~1\KASPER~1\mzvkbd.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\mzvkbd3.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\adialhk.dll]  [Kaspersky Lab, 8.0.0.506]
    [D:\KASPER~1\KASPER~1\kloehk.dll]  [Kaspersky Lab, 8.0.0.506]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\avxzjbgx.dll]  [, 1, 0, 0, 1]
    [C:\DOCUME~1\Binwoo\LOCALS~1\Temp\Rar$EX01.453\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1084, C:\DOCUME~1\BINWOO\LOCALS~1\TEMP\RAR$EX01.453\SRENGLDR.EXE]

==================================
计划任务
[已启用] SogouImeMgr.job
        d:\SOGOUI~1\413~1.239\PinyinRepair.exe

==================================
API HOOK
N/A

==================================
隐藏进程
    [2617] D:\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

==================================


[/CODE]
gototop
 
zzzwb
头像
快乐黄口狮
  • 帖子:161
  • 注册: 2006-01-22
  • 来自:
发表于: 2009-05-02 13:18 | 显示全部 短消息 资料
字号: 3楼

回复:启动QQ时,系统自带的画图工具自动打开,附日志!

好贴 谢谢指教~
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT