oo0很随意0oo - 2007-7-15 11:38:00
瑞星卡卡电脑诊断日志 v1.20 (2007-7-14 23:43:12) 北京瑞星科技股份有限公司
注释: [A]表示该文件存在自启动关联;
[M]表示该文件在内存中;
+ 注册表自运行项目
+ Win32 Services
+ HKLM\System\CurrentControlSet\Services
NVSvc
[AM] 1. c:\windows\system32\nvsvc32.exe
RsCCenter
[A ] 2. c:\program files\rising\rav\ccenter.exe
RsRavMon
[A ] 3. c:\program files\rising\rav\ravmond.exe
+ Kernel Drivers
+ HKLM\System\CurrentControlSet\Services
ADILOADER
[A ] 4. c:\windows\system32\drivers\adildr.sys
adiusbae
[A ] 5. c:\windows\system32\drivers\adiusbae.sys
ALCXWDM
[A ] 6. c:\windows\system32\drivers\alcxwdm.sys
BaseTDI
[A ] 7. c:\windows\system32\drivers\basetdi.sys
ExpScaner
[A ] 8. c:\program files\rising\rav\expscan.sys
HookCont
[A ] 9. c:\program files\rising\rav\hookcont.sys
HookReg
[A ] 10. c:\program files\rising\rav\hookreg.sys
HookSys
[A ] 11. c:\program files\rising\rav\hooksys.sys
iv5hvg5
[A ] 12. c:\windows\system32\drivers\iv5hvg5.sys
KWatch3
[A ] 13. c:\windows\system32\drivers\kwatch3.sys
MEMSCAN
[A ] 14. c:\program files\rising\rav\memscan.sys
npkcrypt
[A ] 15. d:\program files\tencent\qq\npkcrypt.sys
PnpWmkDrv
[A ] 16. c:\windows\system32\drivers\pnpwmkdrv.sys
RsAntiSpyware
[A ] 17. c:\windows\system32\drivers\rsboot.sys
RsNTGDI
[A ] 18. c:\windows\system32\drivers\rsntgdi.sys
RSPPSYS
[A ] 19. c:\program files\rising\rav\rsppsys.sys
Secdrv
[A ] 20. c:\windows\system32\drivers\secdrv.sys
tmpreflt
[A ] 21. c:\windows\system32\drivers\tmpreflt.sys
usbehci
[A ] 22. c:\windows\system32\drivers\usbehci.sys
uycphs5zb
[A ] 23. c:\windows\system32\drivers\uycphs5zb.sys
WmRegProDrv
[A ] 24. c:\windows\system32\drivers\wmregprodrv.sys
yukonwxp
[A ] 25. c:\windows\system32\drivers\yk51x86.sys
+ Explorer
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HyperTerminal Icon Ext
[A ] 26. c:\windows\system32\hticons.dll
NvCpl DesktopContext Class
[AM] 27. c:\windows\system32\nvcpl.dll
Play on my TV helper
[AM] 27. c:\windows\system32\nvcpl.dll
Desktop Explorer
[AM] 28. c:\windows\system32\nvshell.dll
Desktop Explorer Menu
[AM] 28. c:\windows\system32\nvshell.dll
nView Desktop Context Menu
[AM] 28. c:\windows\system32\nvshell.dll
WinRAR shell extension
[AM] 29. c:\program files\winrar\rarext.dll
RISING
[AM] 30. c:\windows\system32\ravext.dll
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
[AM] 31. c:\windows\system32\shlhook.dll
{32CD708B-60A7-4C00-9377-D73EAA495F0F}
[AM] 30. c:\windows\system32\ravext.dll
{12311A42-AC1B-158F-FD32-5674345F23A1}
[AM] 32. c:\windows\system32\dhapri.dll
+ Logon
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SoundMan
[AM] 33. c:\windows\soundman.exe
nwiz
[A ] 34. c:\windows\system32\nwiz.exe
runeip
[AM] 35. c:\program files\rising\antispyware\runiep.exe
RavTask
[A ] 36. c:\program files\rising\rav\ravtask.exe
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
KKDelay
[A ] 37. c:\program files\rising\antispyware\runonce.exe
+ Boot Execute
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 38. c:\windows\system32\bsmain.exe
[A ] 39. c:\windows\system32\kknative.exe
+ Image Hijacks
+ HKCR\.bat
batfile\edit\Command
[AM] 40. c:\windows\system32\notepad.exe
batfile\print\Command
[AM] 40. c:\windows\system32\notepad.exe
+ HKCR\.log
txtfile\open\Command
[AM] 40. c:\windows\system32\notepad.exe
txtfile\print\Command
[AM] 40. c:\windows\system32\notepad.exe
txtfile\printto\Command
[AM] 40. c:\windows\system32\notepad.exe
+ HKCR\.txt
txtfile\open\Command
[AM] 40. c:\windows\system32\notepad.exe
txtfile\print\Command
[AM] 40. c:\windows\system32\notepad.exe
txtfile\printto\Command
[AM] 40. c:\windows\system32\notepad.exe
+ HKCR\.cmd
cmdfile\edit\Command
[AM] 40. c:\windows\system32\notepad.exe
cmdfile\print\Command
[AM] 40. c:\windows\system32\notepad.exe
+ HKCR\.reg
regfile\edit\Command
[AM] 40. c:\windows\system32\notepad.exe
regfile\print\Command
[AM] 40. c:\windows\system32\notepad.exe
+ HKCR\.vbs
VBSFile\Edit\Command
[AM] 40. c:\windows\system32\notepad.exe
VBSFile\Print\Command
[AM] 40. c:\windows\system32\notepad.exe
+ HKCR\.js
JSFile\Edit\Command
[AM] 40. c:\windows\system32\notepad.exe
JSFile\Print\Command
[AM] 40. c:\windows\system32\notepad.exe
+ HKCR\.ini
inifile\open\Command
[AM] 40. c:\windows\system32\notepad.exe
inifile\print\Command
[AM] 40. c:\windows\system32\notepad.exe
+ HKCR\.inf
inffile\open\Command
[AM] 40. c:\windows\system32\notepad.exe
inffile\print\Command
[AM] 40. c:\windows\system32\notepad.exe
+ AppInit Dlls & Known Dlls
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs
[AM] 32. c:\windows\system32\dhapri.dll
+ 其他自启动项目
+ C:\Documents and Settings\All Users\「开始」菜单\程序\启动
DSLMON.lnk
[AM] 41. c:\program files\huawei technologies\huawei smartax mt810\dslmon.exe
+ 系统活动模块
+ 00000180(384) Explorer.EXE
007E0000[0000A000]
[AM] 32. c:\windows\system32\dhapri.dll
10000000[00014000]
[ M] 42. c:\windows\system32\1gbb6z.dll
72C90000[00009000]
[ M] 43. c:\windows\system32\wdmaud.drv
72C80000[00008000]
[ M] 44. c:\windows\system32\msacm32.drv
02030000[00029000]
[AM] 29. c:\program files\winrar\rarext.dll
04BF0000[00557000]
[AM] 27. c:\windows\system32\nvcpl.dll
01990000[00033000]
[ M] 45. c:\windows\system32\nvrszhc.dll
01F80000[00073000]
[AM] 28. c:\windows\system32\nvshell.dll
57F90000[00004000]
[ M] 46. c:\windows\system32\tssoft32.acm
02580000[0001B000]
[ M] 47. c:\program files\rising\antispyware\ieprot.dll
23700000[0001A000]
[ M] 48. c:\program files\rising\rav\rscommon.dll
02CB0000[00019000]
[ M] 49. c:\program files\rising\rav\ravscrch.dll
+ 0000023c(572) SOUNDMAN.EXE
00400000[00014000]
[AM] 33. c:\windows\soundman.exe
10000000[0001B000]
[ M] 47. c:\program files\rising\antispyware\ieprot.dll
+ 00000254(596) ctfmon.exe
10000000[0001B000]
[ M] 47. c:\program files\rising\antispyware\ieprot.dll
+ 00000264(612) dslmon.exe
00400000[000E9000]
[AM] 41. c:\program files\huawei technologies\huawei smartax mt810\dslmon.exe
10000000[00017000]
[ M] 50. c:\program files\huawei technologies\huawei smartax mt810\languages\chinesesimp.dll
00E50000[0000A000]
[AM] 32. c:\windows\system32\dhapri.dll
00F00000[0001B000]
[ M] 47. c:\program files\rising\antispyware\ieprot.dll
+ 0000026c(620) smss.exe
+ 00000350(848) csrss.exe
+ 00000368(872) winlogon.exe
004D0000[0000A000]
[AM] 32. c:\windows\system32\dhapri.dll
72C90000[00009000]
[ M] 43. c:\windows\system32\wdmaud.drv
72C80000[00008000]
[ M] 44. c:\windows\system32\msacm32.drv
+ 00000398(920) services.exe
00560000[0000A000]
[AM] 32. c:\windows\system32\dhapri.dll
+ 000003a4(932) lsass.exe
00560000[0000A000]
[AM] 32. c:\windows\system32\dhapri.dll
+ 0000044c(1100) svchost.exe
005A0000[0000A000]
[AM] 32. c:\windows\system32\dhapri.dll
+ 00000464(1124) svchost.exe
00540000[0000A000]
[AM] 32. c:\windows\system32\dhapri.dll
+ 000004e8(1256) svchost.exe
005A0000[0000A000]
[AM] 32. c:\windows\system32\dhapri.dll
+ 00000520(1312) svchost.exe
00540000[0000A000]
[AM] 32. c:\windows\system32\dhapri.dll
+ 000005cc(1484) spoolsv.exe
007E0000[0000A000]
[AM] 32. c:\windows\system32\dhapri.dll
+ 0000062c(1580) alg.exe
005A0000[0000A000]
[AM] 32. c:\windows\system32\dhapri.dll
+ 00000668(1640) nvsvc32.exe
00400000[00021000]
[AM] 1. c:\windows\system32\nvsvc32.exe
00D60000[00033000]
[ M] 45. c:\windows\system32\nvrszhc.dll
+ 00000b40(2880) Ras.exe
00400000[0013E000]
[ M] 51. c:\program files\rising\antispyware\ras.exe
003D0000[0000A000]
[AM] 32. c:\windows\system32\dhapri.dll
10000000[000A3000]
[ M] 52. c:\program files\rising\antispyware\rasgui.dll
01540000[0001B000]
[ M] 47. c:\program files\rising\antispyware\ieprot.dll
01740000[0002F000]
[ M] 53. c:\program files\rising\antispyware\engine.dll
01870000[00012000]
[ M] 54. c:\program files\rising\antispyware\zip.dll
01C20000[00011000]
[AM] 31. c:\windows\system32\shlhook.dll
01C90000[0001B000]
[AM] 30. c:\windows\system32\ravext.dll
+ 00000df4(3572) runiep.exe
00400000[00012000]
[AM] 35. c:\program files\rising\antispyware\runiep.exe
00C70000[0001B000]
[ M] 47. c:\program files\rising\antispyware\ieprot.dll
+ 00000e74(3700) NOTEPAD.EXE
01000000[00013000]
[AM] 40. c:\windows\system32\notepad.exe
00A90000[0000A000]
[AM] 32. c:\windows\system32\dhapri.dll
10000000[0001B000]
[ M] 47. c:\program files\rising\antispyware\ieprot.dll
oo0很随意0oo - 2007-7-15 11:39:00
完美卸载 - 系统检查检测报告!
建议:修复时请按照高手的反馈编号在修复工具中打勾进行修复.
--------------------------系统环境-------------------------
检测日期: 2007-7-13 21:38
Windows: Microsoft Windows XP
ServicePack: Service Pack 1
Update: 2600.xpsp1.020828-1920
Internet Explorer: 6.0.2800.1106
-----------------------网络基础安全测试--------------------
密码安全检测:已经设置了管理员密码,建议:将密码复杂度和长度提高!
网络漏洞检测:存在IPC$空连接,容易被黑客攻击! 方案:找到 C:\Program Files\完美卸载V2007 完整版\IPCRepair.reg, 双击此文件导入注册表!
服务名称 是否运行 描述
RemoteRegistry [运行中] [说明:这个服务可能被利用远程操作注册表]
Windows Time [运行中] [说明:这个服务可能被黑客利用来启动木马]
Telnet [已停止] [说明:这个服务可能被黑客登录到您计算机]
Messenger [运行中] [说明:这个服务常被广告商用来发垃圾广告]
Server [运行中] [说明:如果你的电脑不用局域网中,可以关闭]
建议在[控制面板]-[管理工具]-[服务]中,找到这些服务关闭并设置为[禁用].
--------------------计算机系统组件体检----------------------
[编号:0]
[名称:\SystemRoot\System32\smss.exe]
[类型:运行进程]
[内容:未知]
[编号:1]
[名称:\??\C:\WINDOWS\system32\winlogon.exe]
[类型:运行进程]
[内容:未知]
[编号:2]
[名称:C:\WINDOWS\system32\services.exe]
[类型:运行进程]
[内容:Microsoft(R) Windows(R) Operating System (C) Microsoft Corporation. All rights reserved.]
[编号:3]
[名称:C:\WINDOWS\system32\lsass.exe]
[类型:运行进程]
[内容:Microsoft? Windows? Operating System ? Microsoft Corporation. All rights reserved.]
[编号:4 - 可疑级别:*]
[名称:C:\WINDOWS\system32\svchost.exe]
[类型:运行进程]
[内容:Microsoft? Windows? Operating System ? Microsoft Corporation. All rights reserved.]
[编号:5 - 可疑级别:*]
[名称:C:\WINDOWS\System32\svchost.exe]
[类型:运行进程]
[内容:Microsoft? Windows? Operating System ? Microsoft Corporation. All rights reserved.]
[编号:6 - 可疑级别:*]
[名称:C:\WINDOWS\system32\spoolsv.exe]
[类型:运行进程]
[内容:Microsoft? Windows? Operating System ? Microsoft Corporation. All rights reserved.]
[编号:7 - 可疑级别:*]
[名称:C:\KAV2007\KPfwSvc.EXE]
[类型:运行进程]
[内容:Kingsoft Firewall Copyright (c) 2001-2005 Kingsoft Corporation]
[编号:8 - 可疑级别:*]
[名称:C:\WINDOWS\System32\nvsvc32.exe]
[类型:运行进程]
[内容:NVIDIA Driver Helper Service, Version 71.84 (C) NVIDIA Corporation. All rights reserved.]
[编号:9 - 可疑级别:*]
[名称:C:\WINDOWS\SOUNDMAN.EXE]
[类型:运行进程]
[内容:Realtek Sound Manager Copyright (c) 2001-2004 Realtek Semiconductor Corp.]
[编号:10 - 可疑级别:*]
[名称:C:\WINDOWS\System32\RUNDLL32.EXE]
[类型:运行进程]
[内容:Microsoft(R) Windows(R) Operating System (C) Microsoft Corporation. All rights reserved.]
[编号:11 - 可疑级别:*]
[名称:C:\WINDOWS\System32\ctfmon.exe]
[类型:运行进程]
[内容:Microsoft? Windows? Operating System ? Microsoft Corporation. All rights reserved.]
[编号:12 - 可疑级别:*]
[名称:C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe]
[类型:运行进程]
[内容:DSLMON Application Copyright (C) 2000]
[编号:13 - 可疑级别:*]
[名称:C:\WINDOWS\explorer.exe]
[类型:运行进程]
[内容:Microsoft(R) Windows(R) Operating System (C) Microsoft Corporation. All rights reserved.]
[编号:14 - 可疑级别:*]
[名称:C:\Program Files\完美卸载V2007 完整版\WmSysPro.exe]
[类型:运行进程]
[内容:系统保护防毒墙 版权所有 (C)剑锋工作室]
[编号:15]
[名称:C:\Program Files\完美卸载V2007 完整版\MainCon.exe]
[类型:运行进程]
[内容:完美卸载V2007 主控台 版权所有 (C) 2006 完美卸载]
[编号:16 - 可疑级别:*]
[名称:C:\Program Files\完美卸载V2007 完整版\ChkDisk.exe]
[类型:运行进程]
[内容:ChkDisk 应用程序 版权所有 (C) 2004]
[编号:17 - 可疑级别:*]
[名称:G:\其他文件\精典街机\WinKawaks.exe]
[类型:运行进程]
[内容:WinKawaks Application Copyright (C) 2001]
[编号:18]
[名称:C:\Program Files\完美卸载V2007 完整版\Syssec.exe]
[类型:运行进程]
[内容:完美卸载V2007-ChinaHijackThis 版权所有 (C) 2006]
oo0很随意0oo - 2007-7-15 11:40:00
------------------------------------------------------------------------------------------
[编号:20 - 可疑级别:*****]
[名称:C:\WINDOWS\System32\dhapri.dll]
[类型:已加载DLL]
[内容:未知]
[编号:21 - 可疑级别:*]
[名称:C:\WINDOWS\System32\NVRSZHC.DLL]
[类型:已加载DLL]
[内容:NVIDIA Compatible Windows 2000 Display driver, Version 71.84 (C) NVIDIA Corporation. All rights reserved.]
[编号:22 - 可疑级别:*]
[名称:C:\WINDOWS\System32\NvMcTray.dll]
[类型:已加载DLL]
[内容:NVIDIA Media Center Library (C) NVIDIA Corporation. All rights reserved.]
[编号:23 - 可疑级别:*]
[名称:C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\Languages\ChineseSimp.dll]
[类型:已加载DLL]
[内容:DSLMON Application Copyright (C) 2000]
[编号:24 - 可疑级别:*]
[名称:C:\WINDOWS\System32\Protect.sys]
[类型:已加载DLL]
[内容:未知]
[编号:25 - 可疑级别:*]
[名称:C:\WINDOWS\System32\nvcpl.dll]
[类型:已加载DLL]
[内容:NVIDIA Compatible Windows 2000 Display driver, Version 71.84 (C) NVIDIA Corporation. All rights reserved.]
[编号:26 - 可疑级别:*]
[名称:C:\WINDOWS\System32\nvshell.dll]
[类型:已加载DLL]
[内容:NVIDIA Desktop Explorer, Version 100.35 (C) NVIDIA Corporation. All rights reserved.]
[编号:27 - 可疑级别:*]
[名称:C:\Program Files\完美卸载V2007 完整版\ScanEngine.dll]
[类型:已加载DLL]
[内容:ScanEngine 完美病毒引擎文件 版权所有 (C) 2007]
[编号:28 - 可疑级别:*]
[名称:C:\Program Files\完美卸载V2007 完整版\SkinPlusPlus.dll]
[类型:已加载DLL]
[内容:SkinPlusPlus Dynamic Link Library 版权所有(C) 2004-2006 上海勇进软件有限公司]
[编号:29 - 可疑级别:*]
[名称:C:\KAV2007\Flash.OCX]
[类型:已加载DLL]
[内容:Shockwave Flash Copyright ? 1996-2003 Macromedia, Inc.]
[编号:30 - 可疑级别:*****]
[名称:G:\其他文件\精典街机\kailleraclient.dll]
[类型:已加载DLL]
[内容:未知]
------------------------------------------------------------------------------------------
[编号:32]
[名称:IMJPMIG8.1]
[类型:开机启动]
[内容:"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32]
[编号:33]
[名称:PHIME2002ASync]
[类型:开机启动]
[内容:C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC]
[编号:34]
[名称:PHIME2002A]
[类型:开机启动]
[内容:C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName]
[编号:35]
[名称:SoundMan]
[类型:开机启动]
[内容:SOUNDMAN.EXE]
[编号:36]
[名称:nwiz]
[类型:开机启动]
[内容:nwiz.exe /install]
[编号:37]
[名称:ctfmon.exe]
[类型:开机启动]
[内容:C:\WINDOWS\System32\ctfmon.exe]
------------------------------------------------------------------------------------------
[编号:39 - 可疑级别:*]
[名称:General Purpose USB Driver (adildr.sys)]
[类型:服务:ADI ADSL chipset loader Copyright ? 2001 Analog Devices Inc.]
[内容:C:\WINDOWS\system32\drivers\adildr.sys]
[编号:40 - 可疑级别:*]
[名称:USB ADSL LAN Adapter]
[类型:服务:ADSL USB LAN Driver Copyright (c) 2003 Analog Devices Inc.]
[内容:C:\WINDOWS\system32\drivers\adiusbae.sys]
[编号:41 - 可疑级别:*****]
[名称:AFD 网络支持环境]
[类型:服务:未知]
[内容:\SystemRoot\System32\drivers\afd.sys]
[编号:42 - 可疑级别:*]
[名称:Service for Realtek AC97 Audio (WDM)]
[类型:服务:Windows (R) WDM driver for Realtek AC'97 Audio(HRTF data Copyright 1994 by MIT Media Lab) Copyright (c) Realtek Semiconductor Corp.1998-2005]
[内容:C:\WINDOWS\system32\drivers\alcxwdm.sys]
[编号:43 - 可疑级别:*****]
[名称:ATSpy]
[类型:服务:未知]
[内容:c:\windows\system32\atspy.sys]
[编号:44 - 可疑级别:*****]
[名称:iv5hvg5]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\drivers\iv5hvg5.sys]
[编号:45 - 可疑级别:*]
[名称:KNetWch]
[类型:服务:Kingsoft Internet Security Copyright (C) 2000 - 2006 Kingsoft Inc (KIS International Team), All Rights Reserved.]
[内容:c:\kav2007\knetwch.sys]
[编号:46 - 可疑级别:*]
[名称:Kingsoft Personal Firewall Service]
[类型:服务:Kingsoft Firewall Copyright (c) 2001-2005 Kingsoft Corporation]
[内容:"C:\KAV2007\KPfwSvc.EXE"]
[编号:47 - 可疑级别:*****]
[名称:KWatch3]
[类型:服务:未知]
[内容:c:\windows\system32\drivers\kwatch3.sys]
[编号:48 - 可疑级别:*]
[名称:Kingsoft Antivirus KWatch Service]
[类型:服务:Kingsoft Internet Security Copyright ? 2000 - 2007 Kingsoft Inc (KIS International Team), All Rights Reserved.]
[内容:C:\KAV2007\KWatch.EXE]
[编号:49 - 可疑级别:*****]
[名称:npkcrypt]
[类型:服务:未知]
[内容:d:\program files\tencent\qq\npkcrypt.sys]
[编号:50 - 可疑级别:*****]
[名称:NVIDIA Display Driver Service]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\nvsvc32.exe]
[编号:51]
[名称:PnpWmkDrv]
[类型:服务:未知]
[内容:c:\windows\system32\drivers\pnpwmkdrv.sys]
[编号:52 - 可疑级别:*]
[名称:Remote Procedure Call (RPC)]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\svchost ]
[编号:53 - 可疑级别:*****]
[名称:uycphs5zb]
[类型:服务:未知]
[内容:c:\windows\system32\drivers\uycphs5zb.sys]
[编号:54]
[名称:WmRegProDrv]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\drivers\wmregprodrv.sys]
[编号:55 - 可疑级别:*]
[名称:NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller]
[类型:服务:Marvell Yukon Ethernet Controller ? Copyright 2002-2004 Marvell ?. All rights reserved]
[内容:C:\WINDOWS\system32\drivers\yk51x86.sys]
------------------------------------------------------------------------------------------
[编号:57]
[名称:Start Page]
[类型:IE主页-当前用户]
[内容:about:blank]
[编号:58]
[名称:Search Page]
[类型:IE搜索-当前用户]
[内容:http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch]
[编号:59]
[名称:Start Page]
[类型:IE主页-所有用户]
[内容:http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home]
[编号:60]
[名称:Search Page]
[类型:IE搜索-所有用户]
[内容:http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch]
[编号:61]
[名称:Default_Page_URL]
[类型:默认IE主页-所有用户]
[内容:about:blank]
[编号:62]
[名称:Default_Search_URL]
[类型:默认IE搜索-所有用户]
[内容:http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch]
------------------------------------------------------------------------------------------
[编号:64 - 可疑级别:*]
[名称:CBrowseStakeout Class]
[类型:IE 嵌入对象]
[内容:C:\KAV2007\KAVAFish.DLL]
------------------------------------------------------------------------------------------
[编号:66]
[名称:金山毒霸反钓鱼...]
[类型:IE 右键按钮]
[内容: 路径:\?]
------------------------------------------------------------------------------------------
[编号:68]
[名称:PostBootReminder]
[类型:正常嵌入对象]
[内容:%SystemRoot%\system32\SHELL32.dll]
[编号:69]
[名称:CDBurn]
[类型:正常嵌入对象]
[内容:%SystemRoot%\system32\SHELL32.dll]
[编号:70]
[名称:WebCheck]
[类型:正常嵌入对象]
[内容:%SystemRoot%\System32\webcheck.dll]
[编号:71]
[名称:SysTray]
[类型:正常嵌入对象]
[内容:C:\WINDOWS\System32\stobject.dll]
------------------------------------------------------------------------------------------
[编号:73]
[名称:]
[类型:EXE关联]
[内容:"%1" %*]
[编号:74]
[名称:]
[类型:TXT关联]
[内容:%SystemRoot%\system32\NOTEPAD.EXE %1]
[编号:75]
[名称:]
[类型:vbs关联]
[内容:wscript.exe "%1" %*]
[编号:76]
[名称:]
[类型:Js关联]
[内容:wscript.exe "%1" %*]
[编号:77]
[名称:]
[类型:htmlfile关联]
[内容:"C:\Program Files\Internet Explorer\iexplore.exe" -nohome]
[编号:78]
[名称:]
[类型:HTTP协议]
[内容:"C:\Program Files\Internet Explorer\iexplore.exe" -nohome]
[编号:79]
[名称:]
[类型:FTP协议]
[内容:"C:\Program Files\Internet Explorer\iexplore.exe" %1]
------------------------------------------------------------------------------------------
[编号:81]
[名称:c:\windows\system32\deskpan.dll]
[类型:第三方 COM/ActiveX组件]
[内容:显示摇曳 CPL 扩展---发布公司:未知]
[编号:82]
[名称:c:\windows\system32\rtlcpapi.dll]
[类型:第三方 COM/ActiveX组件]
[内容:RtlCP Class---发布公司:RtlCPAPI Module Copyright 2004]
-----------------------------------危险级别比较高的项目--------------------------------------
[编号:20 - 可疑级别:*****]
[名称:C:\WINDOWS\System32\dhapri.dll]
[类型:已加载DLL]
[内容:未知]
[编号:30 - 可疑级别:*****]
[名称:G:\其他文件\精典街机\kailleraclient.dll]
[类型:已加载DLL]
[内容:未知]
[编号:41 - 可疑级别:*****]
[名称:AFD 网络支持环境]
[类型:服务:未知]
[内容:\SystemRoot\System32\drivers\afd.sys]
[编号:43 - 可疑级别:*****]
[名称:ATSpy]
[类型:服务:未知]
[内容:c:\windows\system32\atspy.sys]
[编号:44 - 可疑级别:*****]
[名称:iv5hvg5]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\drivers\iv5hvg5.sys]
[编号:47 - 可疑级别:*****]
[名称:KWatch3]
[类型:服务:未知]
[内容:c:\windows\system32\drivers\kwatch3.sys]
[编号:49 - 可疑级别:*****]
[名称:npkcrypt]
[类型:服务:未知]
[内容:d:\program files\tencent\qq\npkcrypt.sys]
[编号:50 - 可疑级别:*****]
[名称:NVIDIA Display Driver Service]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\nvsvc32.exe]
[编号:53 - 可疑级别:*****]
[名称:uycphs5zb]
[类型:服务:未知]
[内容:c:\windows\system32\drivers\uycphs5zb.sys]
-----------------------计算机网络端口----------------------
协议 端口号 端口类型
TCP 135 微软DCE RPC end-point mapper服务
TCP 445 Microsoft-DS
TCP 1025 未知类型
TCP 1027 未知类型
TCP 5000 WindowsXP服务器,Blazer 5,Bubbel,Back Door Setup,Sockets de Troie
TCP 3001 未知类型
TCP 3002 未知类型
TCP 3003 未知类型
TCP 139 微软Netbios Name服务(用于文件及打印机共享)
TCP 3014 未知类型
TCP 3016 未知类型
TCP 3017 未知类型
TCP 3018 未知类型
TCP 68 未知类型
TCP 135 未知类型
TCP 445 公共Internet文件系统(CIFS)
TCP 500 Internet密钥交换
TCP 1026 Remote Explorer 2000
TCP 3012 未知类型
TCP 123 未知类型
TCP 1900 未知类型
TCP 123 未知类型
TCP 137 未知类型
TCP 138 未知类型
TCP 1900 未知类型
--------------------感谢您关注我们的软件---------------------
网站: http://www.killsoft.cn 产品:完美卸载
oo0很随意0oo - 2007-7-15 11:41:00
I hope everyone can help.. PS: that dhapri.dll just can't be killed, no matter how many times I try.
Leoooo - 2007-7-15 12:44:00
No suspicious files were found in the log. Please update Rising Antivirus promptly and turn on real-time monitoring.
oo0很随意0oo - 2007-7-15 14:45:00
Not possible.
So what is that dhapri.dll, then?
流星陨落 - 2007-7-15 15:05:00
Send the suspicious files above here so they can be identified:
http://up.rising.com.cn/webmail/uploadnew.htm