中毒了。请大大们看看 bbs.ikaka.com

棋缘 - 2007-8-2 17:09:00

HijackThis_zww汉化版扫描日志 V1.99.1
保存于 16:52:43, 日期 2007-8-2
操作系统： Windows XP SP1 (WinNT 5.01.2600)
浏览器： Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\kav2007\KAVStart.exe
C:\WINDOWS\System32\ctfmon.exe
E:\kav2007\KPFW32.EXE
E:\kav2007\KMailMon.EXE
E:\kav2007\KPfwSvc.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yayad\AdPop.Exe
C:\!WNM\wnb.exe
C:\Documents and Settings\lzjian\桌面\HijackThis1[1].99.1\HijackThis1991zww.exe

R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\SSPlus\SAddr.dll
O2 - BHO: QQCycloneHelper - {00000000-12C9-4305-82F9-43058F20E8D2} - e:\Program Files\Tencent\QQDownload\QQIEHelper01.dll
O2 - BHO: Ad Engine - {077FD0C3-1291-4104-A356-41E36B252682} - C:\Program Files\Yayad\AdCore.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\SSPlus\SAddr.dll
O2 - BHO: KAVAntiFishing - {55302805-482E-470E-8A57-6795A1487F90} - E:\kav2007\KAVAFish.DLL
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - 启动项HKLM\\Run: [KavStart] "E:\kav2007\KAVStart.exe" -startup
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [KavPFW] "E:\kav2007\KPFW32.EXE"
O8 - IE右键菜单中的新增项目: &使用超级旋风下载 - e:\Program Files\Tencent\QQDownload\geturl.htm
O8 - IE右键菜单中的新增项目: &使用超级旋风下载全部链接 - e:\Program Files\Tencent\QQDownload\getAllurl.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Excel(&x) - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - e:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 金山毒霸反钓鱼... - E:\kav2007\KAF\ShowSet.htm
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - I:\haofang\haofang\HFGameOPT\GameClient.exe
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O11 - Options group: [TBH] 中文搜搜
O16 - DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} (iTrusPTA Class) - https://img.alipay.com/download/1101/aliedit.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{145EDCBB-1B82-4563-B50F-7EB7976586E8}: NameServer = 202.96.128.86,202.96.128.166
O17 - HKLM\System\CS1\Services\Tcpip\..\{145EDCBB-1B82-4563-B50F-7EB7976586E8}: NameServer = 202.96.128.86,202.96.128.166
O17 - HKLM\System\CS2\Services\Tcpip\..\{145EDCBB-1B82-4563-B50F-7EB7976586E8}: NameServer = 202.96.128.86,202.96.128.166
O20 - AppInit_DLLs: wdbpri.dll
O23 - NT 服务: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - E:\kav2007\KPfwSvc.EXE
O23 - NT 服务: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - E:\kav2007\KWatch.EXE
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

棋缘 - 2007-8-2 17:19:00

[CODE]

2007-08-02,16:58:46

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
<KavPFW><"E:\kav2007\KPFW32.EXE"> [Kingsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<KavStart><"E:\kav2007\KAVStart.exe" -startup> [Kingsoft Corporation]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><qjepri.dll> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{3562452F-FA36-BA4F-892A-FF5FBBAC5313}><C:\WINDOWS\System32\mycpri.dll> []
<{22311A42-AC1B-158F-FD32-5674345F23A2}><C:\WINDOWS\System32\dhbpri.dll> []
<{C1351752-5628-1547-FFAB-BADC13512AFC}><C:\WINDOWS\System32\ztlpri.dll> []
<{813AF41A-21B1-131B-1BFC-D2A90DF4A2B8}><C:\WINDOWS\System32\xygpri.dll> []
<{54123FF1-8371-9834-9021-184518451FA5}><C:\WINDOWS\System32\qjepri.dll> []
<{425AB2F3-234A-7469-2F43-E341713ABFA4}><C:\WINDOWS\System32\wgdpri.dll> []
<{1182C1EB-375C-573D-1F5E-234552345211}><C:\WINDOWS\System32\wldpri.dll> []
<{6A65498A-7653-9801-1647-987114AB7F46}><C:\WINDOWS\System32\zxfpri.dll> []
<{2F12545B-1212-1314-5679-4512ACEF8902}><C:\WINDOWS\System32\wdbpri.dll> []
<{212BC423-3713-224D-3F55-32B35C62B112}><C:\WINDOWS\System32\tlmpri.dll> []
<{759AFD5B-159F-ACD8-954C-ACD545FA6587}><C:\WINDOWS\System32\jzgpri.dll> []
<{26368135-64FA-BC34-DA32-DCF4FD431C92}><C:\WINDOWS\System32\qhbpri.dll> []
<{3FFAB213-ABCF-F421-FBA1-3FA352343213}><C:\WINDOWS\System32\wscpri.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
<N/A><"C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player 8><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
<"E:\kav2007\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Stopped/Auto Start]
<E:\kav2007\KWatch.EXE><Kingsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>

棋缘 - 2007-8-2 17:19:00

==================================
驱动程序
[KNetWch / KNetWch][Running/System Start]
<\??\E:\kav2007\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/System Start]
<\??\C:\WINDOWS\System32\drivers\KWatch3.SYS><Kingsoft Corporation>
[nv / nv][Running/Manual Start]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>

==================================
浏览器加载项
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <e:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[Ad Engine]
{077FD0C3-1291-4104-A356-41E36B252682} <C:\Program Files\Yayad\AdCore.dll, CDM>
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr.dll, Tencent>
[CBrowseStakeout Class]
{55302805-482E-470E-8A57-6795A1487F90} <E:\kav2007\KAVAFish.DLL, Kingsoft Corporation>
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <I:\haofang\haofang\HFGameOPT\GameClient.exe, 上海浩方在线信息技术有限公司>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[iTrusPTA Class]
{1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\System32\aliedit\pta.dll, >
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[WangWangObj Class]
{6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <E:\Program Files\淘宝网\淘宝旺旺\WangWangX4.dll, 阿里巴巴软件(上海)有限公司>
[&使用超级旋风下载]
<e:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
<e:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[导出到 Microsoft Excel(&x)]
<res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<e:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[金山毒霸反钓鱼...]
<E:\kav2007\KAF\ShowSet.htm, N/A>

==================================
正在运行的进程
[PID: 452 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 516 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 540 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1557 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\System32\qhbpri.dll] [N/A, ]
[PID: 588 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\qhbpri.dll] [N/A, ]
[PID: 600 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 760 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\qhbpri.dll] [N/A, ]
[PID: 808 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\qhbpri.dll] [N/A, ]
[PID: 892 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\qhbpri.dll] [N/A, ]
[PID: 912 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\qhbpri.dll] [N/A, ]
[PID: 1212 / lzjian][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\qhbpri.dll] [N/A, ]
[C:\WINDOWS\System32\mycpri.dll] [N/A, ]
[C:\WINDOWS\System32\dhbpri.dll] [N/A, ]
[C:\WINDOWS\System32\ztlpri.dll] [N/A, ]
[C:\WINDOWS\System32\xygpri.dll] [N/A, ]
[C:\WINDOWS\System32\qjepri.dll] [N/A, ]
[C:\WINDOWS\System32\wgdpri.dll] [N/A, ]
[C:\WINDOWS\System32\wldpri.dll] [N/A, ]
[C:\WINDOWS\System32\zxfpri.dll] [N/A, ]
[C:\WINDOWS\System32\wdbpri.dll] [N/A, ]
[C:\WINDOWS\System32\tlmpri.dll] [N/A, ]
[C:\WINDOWS\System32\jzgpri.dll] [N/A, ]
[C:\WINDOWS\System32\wscpri.dll] [N/A, ]
[C:\DOCUME~1\lzjian\LOCALS~1\Temp\mnso0.dll] [N/A, ]
[E:\kav2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241]
[E:\kav2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.8195]
[C:\WINDOWS\System32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.8195]
[C:\WINDOWS\System32\nvshell.dll] [, ]
[C:\!WNM\WNMKEY.DLL] [N/A, ]
[E:\WinRAR\rarext.dll] [N/A, ]
[E:\kav2007\KAVEXT.DLL] [Kingsoft Corporation, 2007, 6, 21, 29]
[PID: 1304 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.1699 (xpsp2.050610-1533)]
[C:\WINDOWS\system32\qhbpri.dll] [N/A, ]
[PID: 1668 / lzjian][E:\kav2007\KAVStart.exe] [Kingsoft Corporation, 2007, 7, 5, 278]
[C:\WINDOWS\System32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0]
[E:\kav2007\KAVIPC2.DLL] [Kingsoft Corporation, 2007, 1, 15, 30]
[E:\kav2007\SvcTimer.DLL] [Kingsoft Corporation, 2006.12.22.84]
[E:\kav2007\KAVPassp.dll] [Kingsoft Corporation, 2006, 9, 7, 270]
[E:\kav2007\PopSprt3.dll] [Kingsoft Corporation, 2007, 3, 20, 48]
[E:\kav2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241]
[E:\kav2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[C:\DOCUME~1\lzjian\LOCALS~1\Temp\mnso0.dll] [N/A, ]
[C:\WINDOWS\System32\wscpri.dll] [N/A, ]
[C:\WINDOWS\System32\jzgpri.dll] [N/A, ]
[C:\WINDOWS\System32\tlmpri.dll] [N/A, ]
[C:\WINDOWS\System32\wdbpri.dll] [N/A, ]
[C:\WINDOWS\System32\zxfpri.dll] [N/A, ]
[C:\WINDOWS\System32\wldpri.dll] [N/A, ]
[C:\WINDOWS\System32\wgdpri.dll] [N/A, ]
[C:\WINDOWS\System32\xygpri.dll] [N/A, ]
[C:\WINDOWS\System32\ztlpri.dll] [N/A, ]
[C:\WINDOWS\System32\dhbpri.dll] [N/A, ]
[C:\WINDOWS\System32\mycpri.dll] [N/A, ]
[C:\WINDOWS\System32\qhbpri.dll] [N/A, ]
[C:\WINDOWS\System32\qjepri.dll] [N/A, ]

棋缘 - 2007-8-2 17:20:00

[PID: 1704 / lzjian][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[E:\kav2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241]
[PID: 1716 / lzjian][E:\kav2007\KPFW32.EXE] [Kingsoft Corporation, 2007, 7, 4, 721]
[C:\WINDOWS\System32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\jzgpri.dll] [N/A, ]
[C:\WINDOWS\System32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0]
[E:\kav2007\KAVIPC2.DLL] [Kingsoft Corporation, 2007, 1, 15, 30]
[E:\kav2007\KAConfig.DLL] [Kingsoft Corporation, 2007, 1, 11, 41]
[E:\kav2007\FiltList.dll] [N/A, ]
[E:\kav2007\KAVPassp.DLL] [Kingsoft Corporation, 2006, 9, 7, 270]
[E:\kav2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[E:\kav2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241]
[E:\kav2007\KAScript.DLL] [Kingsoft Corporation, 2007, 3, 6, 75]
[C:\DOCUME~1\lzjian\LOCALS~1\Temp\mnso0.dll] [N/A, ]
[C:\WINDOWS\System32\wscpri.dll] [N/A, ]
[C:\WINDOWS\System32\tlmpri.dll] [N/A, ]
[C:\WINDOWS\System32\wdbpri.dll] [N/A, ]
[C:\WINDOWS\System32\zxfpri.dll] [N/A, ]
[C:\WINDOWS\System32\wldpri.dll] [N/A, ]
[C:\WINDOWS\System32\wgdpri.dll] [N/A, ]
[C:\WINDOWS\System32\qjepri.dll] [N/A, ]
[C:\WINDOWS\System32\xygpri.dll] [N/A, ]
[C:\WINDOWS\System32\ztlpri.dll] [N/A, ]
[C:\WINDOWS\System32\dhbpri.dll] [N/A, ]
[C:\WINDOWS\System32\mycpri.dll] [N/A, ]
[C:\WINDOWS\System32\qhbpri.dll] [N/A, ]
[PID: 1888 / lzjian][E:\kav2007\KMailMon.EXE] [Kingsoft Corporation, 2007, 4, 6, 956]
[C:\WINDOWS\System32\qhbpri.dll] [N/A, ]
[E:\kav2007\KAntiSpm.dll] [Kingsoft Corporation, 2007, 2, 25, 129]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[E:\kav2007\KAVIPC2.DLL] [Kingsoft Corporation, 2007, 1, 15, 30]
[E:\kav2007\KAECall2.DLL] [Kingsoft Corporation, 2004, 12, 28, 7]
[E:\kav2007\KAEPlat.DLL] [Kingsoft Corp., 2007, 6, 19, 64]
[E:\kav2007\KAEMem.DAT] [Kingsoft, 2006, 9, 25, 16]
[E:\kav2007\KAEUnpack.DAT] [Kingsoft Corp., 2007, 6, 20, 124]
[E:\kav2007\KAConfig.DLL] [Kingsoft Corporation, 2007, 1, 11, 41]
[E:\kav2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241]
[E:\kav2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[PID: 228 / SYSTEM][E:\kav2007\KPfwSvc.EXE] [Kingsoft Corporation, 2007, 2, 2, 31]
[PID: 244 / SYSTEM][C:\WINDOWS\System32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.8195]
[PID: 328 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\qhbpri.dll] [N/A, ]
[PID: 1944 / lzjian][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\qhbpri.dll] [N/A, ]
[E:\kav2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[E:\kav2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241]
[e:\Program Files\Tencent\QQDownload\QQIEHelper01.dll] [腾讯公司, 1, 1, 0, 5]
[C:\Program Files\Yayad\AdCore.dll] [CDM, 1.0.0.1]
[C:\Program Files\TENCENT\SSPlus\SAddr.dll] [Tencent, 5, 0, 1, 17]
[E:\kav2007\KAVAFish.DLL] [Kingsoft Corporation, 2006, 10, 25, 27]
[C:\DOCUME~1\lzjian\LOCALS~1\Temp\mnso0.dll] [N/A, ]
[C:\WINDOWS\System32\wscpri.dll] [N/A, ]
[C:\WINDOWS\System32\jzgpri.dll] [N/A, ]
[C:\WINDOWS\System32\tlmpri.dll] [N/A, ]
[C:\WINDOWS\System32\wdbpri.dll] [N/A, ]
[C:\WINDOWS\System32\zxfpri.dll] [N/A, ]
[C:\WINDOWS\System32\wldpri.dll] [N/A, ]
[C:\WINDOWS\System32\wgdpri.dll] [N/A, ]
[C:\WINDOWS\System32\xygpri.dll] [N/A, ]
[C:\WINDOWS\System32\ztlpri.dll] [N/A, ]
[C:\WINDOWS\System32\dhbpri.dll] [N/A, ]
[C:\WINDOWS\System32\mycpri.dll] [N/A, ]
[E:\kav2007\KAScript.DLL] [Kingsoft Corporation, 2007, 3, 6, 75]
[E:\kav2007\KAEPlat.DLL] [Kingsoft Corp., 2007, 6, 19, 64]
[E:\kav2007\KAEMem.DAT] [Kingsoft, 2006, 9, 25, 16]
[E:\kav2007\KAEUnpack.DAT] [Kingsoft Corp., 2007, 6, 20, 124]
[C:\WINDOWS\System32\qjepri.dll] [N/A, ]
[C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0]
[C:\!WNM\WNMKEY.DLL] [N/A, ]
[PID: 3324 / lzjian][C:\!WNM\wnb.exe] [N/A, ]
[C:\!WNM\WNMKEY.DLL] [N/A, ]
[E:\kav2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[E:\kav2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241]
[C:\DOCUME~1\lzjian\LOCALS~1\Temp\mnso0.dll] [N/A, ]
[C:\WINDOWS\System32\wscpri.dll] [N/A, ]
[C:\WINDOWS\System32\jzgpri.dll] [N/A, ]
[C:\WINDOWS\System32\tlmpri.dll] [N/A, ]
[C:\WINDOWS\System32\wdbpri.dll] [N/A, ]
[C:\WINDOWS\System32\zxfpri.dll] [N/A, ]
[C:\WINDOWS\System32\wldpri.dll] [N/A, ]
[C:\WINDOWS\System32\wgdpri.dll] [N/A, ]
[C:\WINDOWS\System32\qjepri.dll] [N/A, ]
[C:\WINDOWS\System32\xygpri.dll] [N/A, ]
[C:\WINDOWS\System32\ztlpri.dll] [N/A, ]
[C:\WINDOWS\System32\dhbpri.dll] [N/A, ]
[C:\WINDOWS\System32\mycpri.dll] [N/A, ]
[C:\WINDOWS\System32\qhbpri.dll] [N/A, ]
[PID: 3800 / lzjian][I:\下载\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\System32\wdbpri.dll] [N/A, ]
[E:\kav2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[E:\kav2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241]
[C:\!WNM\WNMKEY.DLL] [N/A, ]
[C:\DOCUME~1\lzjian\LOCALS~1\Temp\mnso0.dll] [N/A, ]
[C:\WINDOWS\System32\wscpri.dll] [N/A, ]
[C:\WINDOWS\System32\jzgpri.dll] [N/A, ]
[C:\WINDOWS\System32\tlmpri.dll] [N/A, ]
[C:\WINDOWS\System32\zxfpri.dll] [N/A, ]
[C:\WINDOWS\System32\wldpri.dll] [N/A, ]
[C:\WINDOWS\System32\wgdpri.dll] [N/A, ]
[C:\WINDOWS\System32\qjepri.dll] [N/A, ]
[C:\WINDOWS\System32\xygpri.dll] [N/A, ]
[C:\WINDOWS\System32\ztlpri.dll] [N/A, ]
[C:\WINDOWS\System32\dhbpri.dll] [N/A, ]
[C:\WINDOWS\System32\mycpri.dll] [N/A, ]
[C:\WINDOWS\System32\qhbpri.dll] [N/A, ]
[I:\下载\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1716, E:\KAV2007\KPFW32.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1888, E:\KAV2007\KMAILMON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3324, C:\!WNM\WNB.EXE]

==================================
API HOOK
入口点错误：LoadLibraryExW (危险等级: 高, 被下面模块所HOOK: E:\kav2007\KASocket.dll)

==================================
隐藏进程
N/A

==================================

[/CODE]

瑞星卡卡安全论坛