Rising Kaka Security Forum
欣LOVE欣 - 2007-5-1 17:45:00
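My home computer has a lot of notepad.exe processes running. A lot of my game programs no longer work now. They work again after I reinstall them, but stop working again after a reboot. Why is that? Please help! Thanks!
Attachment: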
839875200751173533.bmp
水树雨下 - 2007-5-1 17:47:00
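Download SREng2, close QQ, download managers and all other unnecessary programs, then run a scan and post the log here. If it doesn't fit in one post, split it across several posts. Do not modify it.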
http://www.kztechs.com/sreng/sreng2.zip
欣LOVE欣 - 2007-5-1 17:57:00
For the scan log, do I post everything from the finished scan? There's a lot of stuff in there, and I don't know which part to post??
欣LOVE欣 - 2007-5-1 18:01:00
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows Publisher]
<iDuba Personal FireWall><> [N/A]
<EXPLORER><C:\Program Files\Common Files\System\wab32res.exe> []
<ryirgs><C:\DOCUME~1\liu\LOCALS~1\Temp\iexpl0re.exe> []
<kv93rkd2><C:\DOCUME~1\liu\LOCALS~1\Temp\crasos.exe> []
<wg10xj965dbv8><C:\DOCUME~1\liu\LOCALS~1\Temp\Servera.exe> []
<QQDownload><"D:\游戏\QQDownload\QQDownload.exe" autostart> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<fy><C:\WINDOWS\Sysfy3\svchost.exe> []
<wm><C:\WINDOWS\Syswm7\svchost.exe> []
<wl><C:\WINDOWS\Syswl3\svchost.exe> []
<sun><C:\WINDOWS\SysSun2\svchost.exe> []
<JT><C:\WINDOWS\SysJT3\svchost.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<nwiz><nwiz.exe /install> [N/A]
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows Publisher]
<VTTimer><VTTimer.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<VTTrayp><VTtrayp.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<LHotkey><LHotkey.exe> [Chicony]
<Kavrun><> [N/A]
<iDuba Personal FireWall><> [N/A]
<KavStart><"C:\KAV2005\KAVStart.exe" -startup> [Kingsoft Corporation]
<Exprer><C:\WINDOWS\Exprer.exe> []
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
<IESAddr><; D:\迅雷\WebThunder.exe> []
<jfproc><; D:\播放器\ppfilm\jfCacheMgr.exe> []
<WebThunder><; D:\迅雷\WebThunder.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
欣LOVE欣 - 2007-5-1 18:02:00
Services
[Application Management / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[TCP/IP Check / Hello Download][Stopped/Auto Start]
<C:\Program Files\Common Files\System\wab32res.exe><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
<C:\KAV2005\KWatch.EXE><Kingsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Stopped/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Windows Accounts Driver / WindowsConnections][Running/Auto Start]
<C:\WINDOWS\system32\server.exe><N/A>
欣LOVE欣 - 2007-5-1 18:02:00
Drivers
[abp480n5 / abp480n5][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ABP480N5.SYS><Microsoft Corporation>
[adpu160m / adpu160m][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[Aha154x / Aha154x][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[asc / asc][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3350p / asc3350p][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\asc3350p.sys><Microsoft Corporation>
[asc3550 / asc3550][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[cd20xrnt / cd20xrnt][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\cd20xrnt.sys><Microsoft Corporation>
[CmdIde / CmdIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dpti2o / dpti2o][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[dump_wmimmc / dump_wmimmc][Stopped/Manual Start]
<2 - 系统找不到指定的文件。
><N/A>
[VIA Rhine-Family Fast Ethernet Adapter Driver Service / FETND5BV][Running/Manual Start]
<system32\DRIVERS\fetnd5bv.sys><VIA Technologies, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[ini910u / ini910u][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ini910u.sys><Microsoft Corporation>
[KWatch3 / KWatch3][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[mraid35x / mraid35x][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\D:\游戏\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[NPPTNT2 / NPPTNT2][Running/Manual Start]
<\??\C:\WINDOWS\system32\npptNT2.sys><INCA Internet Co., Ltd.>
[NTSIM / NTSIM][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\ntsim.sys><VIA Networking Technologies, Inc.>
[nv / nv][Stopped/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ql1280.sys><QLogic Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[Sparrow / Sparrow][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[symc810 / symc810][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sym_u3.sys><LSI Logic>
[TosIde / TosIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\toside.sys><Microsoft Corporation>
[ultra / ultra][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[viagfx / viagfx][Running/Manual Start]
<system32\DRIVERS\vtmini.sys><Copyright (C) VIA/S3 Graphics Co, Ltd.>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
欣LOVE欣 - 2007-5-1 18:03:00
Browser add-ons
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <D:\游戏\QQDownload\QQIEHelper01.dll, 腾讯公司>
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\迅雷\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Acrobatchs\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
{669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\ssup.dll, TENCENT>
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <D:\游戏\浩方对站平台\浩方对战平台\GameClient.exe, N/A>
[联想]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.lenovo.com, N/A>
[启动Web迅雷]
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\游戏\QQ\QQ.EXE, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <D:\游戏\QQDownload\QQIEHelper01.dll, 腾讯公司>
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\迅雷\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[WebThunder Class]
{03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Acrobatchs\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[]
{669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\ssup.dll, TENCENT>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[ActiveX Class]
{C3D8F2C7-A508-4724-BC3A-C247058D17EB} <D:\播放器\网络媒体播放器\VODPlayer.dll, SkyucCOM>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\flash.ocx, Macromedia, Inc.>
[&使用超级旋风下载]
<D:\游戏\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
<D:\游戏\QQDownload\getAllurl.htm, N/A>
[上传到QQ网络硬盘]
<D:\游戏\QQ\AddToNetDisk.htm, N/A>
[使用Web迅雷下载]
<D:\迅雷\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
<D:\迅雷\GetAllUrl.htm, N/A>
[添加到QQ自定义面板]
<D:\游戏\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\游戏\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\游戏\QQ\SendMMS.htm, N/A>
欣LOVE欣 - 2007-5-1 18:06:00
[PID: 540][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 596][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 620][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 664][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 676][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 828][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 892][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1000][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1444][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Acrobatchs\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.7184]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\Exprer.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\HKNTDLL.dll] [N/A, ]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\KAV2005\KAVEXT.DLL] [Kingsoft Corporation, 2005, 2, 21, 13]
[C:\DOCUME~1\liu\LOCALS~1\Temp\LgSy0.dll] [N/A, ]
[C:\DOCUME~1\liu\LOCALS~1\Temp\Msxo1.dll] [N/A, ]
[C:\DOCUME~1\liu\LOCALS~1\Temp\Kavs1.dll] [N/A, ]
[PID: 1820][C:\WINDOWS\system32\VTTimer.exe] [S3 Graphics, Inc., 2.00.01-0307]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1832][C:\WINDOWS\system32\VTtrayp.exe] [S3 Graphics Co., Ltd., 2.00.36-0308B]
[C:\WINDOWS\system32\VTDisply.dll] [S3 Graphics Co., Ltd., 2.00.51-0308]
[C:\WINDOWS\system32\VTGamma2.dll] [S3 Graphics Co., Ltd., 2.00.21-0308B]
[C:\WINDOWS\system32\VTInfo2.dll] [S3 Graphics Co., Ltd., 2.00.26-0308B]
[C:\WINDOWS\system32\VTOvrlay.dll] [S3 Graphics Co., Ltd., 2.00.23-0308B]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 1844][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.0.42]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1852][C:\WINDOWS\LHotkey.exe] [Chicony, 1. 0. 0. 1]
[C:\WINDOWS\HKNTDLL.dll] [N/A, ]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1860][C:\KAV2005\KAVStart.exe] [Kingsoft Corporation, 2005, 10, 10, 150]
[C:\KAV2005\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\KAV2005\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\KAV2005\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\KAV2005\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\KAV2005\KAVIPC2.DLL] [Kingsoft Corporation, 2004, 12, 28, 20]
[C:\KAV2005\KAVPassp.dll] [Kingsoft Corporation, 2006, 12, 30, 271]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1880][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3760]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1904][C:\WINDOWS\Sysfy3\svchost.exe] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 1916][C:\WINDOWS\Syswm7\svchost.exe] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[PID: 1952][C:\WINDOWS\Syswl3\svchost.exe] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[PID: 2008][C:\KAV2005\KMailMon.EXE] [Kingsoft Corporation, 2005, 6, 30, 74]
[C:\KAV2005\KAntiSpm.dll] [, 1, 0, 0, 2]
[C:\KAV2005\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\KAV2005\KAVIPC2.DLL] [Kingsoft Corporation, 2004, 12, 28, 20]
[C:\KAV2005\KAECall2.DLL] [Kingsoft Corporation, 2004, 12, 28, 7]
[C:\KAV2005\KAEPlat.DLL] [Kingsoft Corp., 2004, 11, 26, 53]
[C:\KAV2005\KAEMem.DAT] [Kingsoft, 2004, 11, 9, 11]
[C:\KAV2005\KAConfig.DLL] [Kingsoft Corporation, 2005, 3, 23, 30]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 120][C:\WINDOWS\SysSun2\svchost.exe] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[PID: 144][C:\WINDOWS\SysJT3\svchost.exe] [N/A, ]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[PID: 180][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 212][C:\Program Files\Messenger\msmsgs.exe] [Microsoft Corporation, 4.7.3000]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 2176][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 2324][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 2340][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 2836][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
欣LOVE欣 - 2007-5-1 18:07:00
[PID: 3936][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[D:\游戏\跑跑卡丁车\M01\GameGuard.des] [INCA Internet Co., Ltd., 2006, 9, 12, 1]
[C:\DOCUME~1\liu\LOCALS~1\Temp\np2.tmp] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\DOCUME~1\liu\LOCALS~1\Temp\np3.tmp] [Microsoft Corporation, 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)]
[C:\DOCUME~1\liu\LOCALS~1\Temp\np4.tmp] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[D:\游戏\跑跑卡丁车\M01\GameGuard\npggNT.des] [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 3884][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3924][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 528][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 2884][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 1276][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 3596][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 1724][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 2784][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 3492][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 2660][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 3048][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 2988][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 736][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 3216][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 3808][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 2576][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 2804][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
欣LOVE欣 - 2007-5-1 18:09:00
ID: 328][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 3648][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 412][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 2748][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 2432][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 2508][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 2652][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 2232][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 592][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 996][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 2200][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
欣LOVE欣 - 2007-5-1 18:10:00
File associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
欣LOVE欣 - 2007-5-1 18:10:00
HOSTS file
欣LOVE欣 - 2007-5-1 18:11:00
API HOOK
入口点错误:LoadLibraryExW (危险等级: 一般, 被下面模块所HOOK: C:\KAV2005\KASocket.dll)
==================================
Hidden processes
[2528] D:\游戏\跑跑卡丁车\M01\GameGuard\GameMon.des
欣LOVE欣 - 2007-5-1 18:12:00
There are still a lot more processes, I can't post them all. Is this enough? Please take a look, thanks.
欣LOVE欣 - 2007-5-1 18:18:00
Guys, please take a look for me. No program works now. After a system restore the problem is still there. What on earth is going on???
zzsd - 2007-5-1 18:21:00
I recommend using Micropoint (微点).
火影忍者 - 2007-5-1 18:26:00
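Boot into Safe Mode [how to enter Safe Mode: hold F8 while the computer restarts and choose Safe Mode],
Run SREng and, under "Startup Items -> Registry", delete the following startup items: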
<EXPLORER><C:\Program Files\Common Files\System\wab32res.exe> []
<ryirgs><C:\DOCUME~1\liu\LOCALS~1\Temp\iexpl0re.exe> []
<kv93rkd2><C:\DOCUME~1\liu\LOCALS~1\Temp\crasos.exe> []
<wg10xj965dbv8><C:\DOCUME~1\liu\LOCALS~1\Temp\Servera.exe> []
<fy><C:\WINDOWS\Sysfy3\svchost.exe> []
<wm><C:\WINDOWS\Syswm7\svchost.exe> []
<wl><C:\WINDOWS\Syswl3\svchost.exe> []
<sun><C:\WINDOWS\SysSun2\svchost.exe> []
<JT><C:\WINDOWS\SysJT3\svchost.exe> []
<Exprer><C:\WINDOWS\Exprer.exe> []
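Run SREng and, under "Startup Items -> Services -> Win32 Service Applications", tick "Hide verified Microsoft services", then delete the services with the names below (select the problem service, click "Delete Service", then click the "Set" button. Note that in the window that pops up you have to click "NO" to confirm deleting the service) (any that cannot be deleted should be disabled: change the startup type to disabled, select "Modify startup type", then click "Set"):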
[TCP/IP Check / Hello Download][Stopped/Auto Start]
<C:\Program Files\Common Files\System\wab32res.exe><N/A>
Delete the following files:
C:\WINDOWS\system32\Exprer.dll
C:\WINDOWS\Sysfy3\Ghook.dll
C:\WINDOWS\Syswl3\Ghook.dll
C:\WINDOWS\SysSun2\Ghook.dll
C:\WINDOWS\Syswm7\Ghook.dll
C:\WINDOWS\SysJT3\Ghook.dll
C:\WINDOWS\HKNTDLL.dll
C:\Program Files\Common Files\System\wab32res.exe
C:\WINDOWS\Exprer.exe
C:\WINDOWS\SysSun2\svchost.ex
C:\WINDOWS\SysJT3\svchost.exe
C:\WINDOWS\Sysfy3\svchost.exe
<wm><C:\WINDOWS\Syswm7\svchost.exe
<wl><C:\WINDOWS\Syswl3\svchost.exe
C:\Program Files\Common Files\System\wab32res.exe
C:\DOCUME~1\liu\LOCALS~1\Temp\ (empty this folder).
SRE -- System Repair -- hosts file -- Reset
If there are still problems, scan another log and post it..
carabe - 2007-5-1 18:30:00
Registry
<EXPLORER><C:\Program Files\Common Files\System\wab32res.exe> []
<ryirgs><C:\DOCUME~1\liu\LOCALS~1\Temp\iexpl0re.exe> []
<kv93rkd2><C:\DOCUME~1\liu\LOCALS~1\Temp\crasos.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<fy><C:\WINDOWS\Sysfy3\svchost.exe> []
<wm><C:\WINDOWS\Syswm7\svchost.exe> []
<wl><C:\WINDOWS\Syswl3\svchost.exe> []
<sun><C:\WINDOWS\SysSun2\svchost.exe> []
<JT><C:\WINDOWS\SysJT3\svchost.exe> []
Services
[TCP/IP Check / Hello Download][Stopped/Auto Start]
<C:\Program Files\Common Files\System\wab32res.exe><N/A>
[Windows Accounts Driver / WindowsConnections][Running/Auto Start]
<C:\WINDOWS\system32\server.exe><N/A>
Running processes
Injected into the desktop
[PID: 1444][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Exprer.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\HKNTDLL.dll] [N/A, ]
[C:\DOCUME~1\liu\LOCALS~1\Temp\LgSy0.dll] [N/A, ]
[C:\DOCUME~1\liu\LOCALS~1\Temp\Msxo1.dll] [N/A, ]
[C:\DOCUME~1\liu\LOCALS~1\Temp\Kavs1.dll] [N/A, ]
Injected into VTtrayp.exe, SOUNDMAN.EXE, etc.; almost every process is injected
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
Invokes svchost.exe
[PID: 1904][C:\WINDOWS\Sysfy3\svchost.exe] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 1916][C:\WINDOWS\Syswm7\svchost.exe] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[PID: 1952][C:\WINDOWS\Syswl3\svchost.exe] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[PID: 120][C:\WINDOWS\SysSun2\svchost.exe] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[PID: 144][C:\WINDOWS\SysJT3\svchost.exe] [N/A, ]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
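The modified HOSTS file is actually rather interesting; it seems everything it blocks is a porn site.
A very aggressive trojan, scary!!
First, I suggest you find a way to delete the files above, don't reboot, then scan a log again and post it.
If you're not very familiar with the system, I'd still suggest you reinstall the system.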
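The two patterns this reply picks out of the log (svchost.exe running from outside system32, and the same vendor-less DLL loaded into many processes) can be checked mechanically. This is an added example, not part of the original thread or of SREng; the line layout is taken from the excerpts above, and the sample lines, function names and the "more than one process" threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the process/module layout shown in this thread.
SAMPLE_LOG = r"""
[PID: 2200][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\KAV2005\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
[PID: 1444][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Exprer.dll] [N/A, ]
[C:\WINDOWS\SysJT3\Ghook.dll] [N/A, ]
[PID: 1904][C:\WINDOWS\Sysfy3\svchost.exe] [N/A, ]
[C:\WINDOWS\Sysfy3\Ghook.dll] [N/A, ]
"""

PROC_RE = re.compile(r"^\[PID: (\d+)\]\[(.+?)\] \[(.*?), ")  # process header line
MOD_RE = re.compile(r"^\[(.+?)\] \[(.*?), ")                 # module line under it

def parse(log):
    """Return {pid: {"image": path, "vendor": str, "modules": [(path, vendor)]}}."""
    procs, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        m = PROC_RE.match(line)           # test the header first: MOD_RE matches it too
        if m:
            current = procs.setdefault(int(m.group(1)),
                {"image": m.group(2), "vendor": m.group(3), "modules": []})
            continue
        m = MOD_RE.match(line)
        if m and current is not None:
            current["modules"].append((m.group(1), m.group(2)))
    return procs

def triage(procs, system_dir=r"c:\windows\system32"):
    """Flag svchost.exe outside system32 and N/A-vendor DLLs shared by several PIDs."""
    fake_svchost, spread = [], defaultdict(set)
    for pid, p in procs.items():
        folder, _, name = p["image"].lower().rpartition("\\")
        if name == "svchost.exe" and folder != system_dir:
            fake_svchost.append((pid, p["image"]))
        for path, vendor in p["modules"]:
            if vendor == "N/A":           # no vendor info in the file's version resource
                spread[path.lower()].add(pid)
    injected = {path: sorted(pids) for path, pids in spread.items() if len(pids) > 1}
    return fake_svchost, injected

if __name__ == "__main__":
    print(triage(parse(SAMPLE_LOG)))
```

A hit from either check is a lead for manual review, not a verdict: legitimate modules can also lack vendor information.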
carabe - 2007-5-1 18:31:00
Heh, 火影 beat me to it.
8897603 - 2007-5-1 18:35:00
A virus nest!
天月来了 - 2007-5-1 18:39:00
carabe
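You can't just point out the abnormal items and leave it at that.
You also suggest finding a way to delete the files above.
But the people who come here for help may not know how to delete them.
If you want to help them, you have to say what method and what tool to use to delete them.
Otherwise the person asking for help will be worried sick.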
欣LOVE欣 - 2007-5-1 20:29:00
Thanks in advance, everyone. I'll go clean it and see !~!`
newcenturymoon - 2007-5-1 20:30:00
C:\Program Files\Common Files\System\wab32res.exe is yet another Aini (艾尼) variant