瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 紧急情况~~~系统出错乐~~qq好多尾巴~~~日志在里面

12   1  /  2  页   跳转

紧急情况~~~系统出错乐~~qq好多尾巴~~~日志在里面

收藏
酒醉的小强
头像
自信弱冠狮
  • 帖子:370
  • 注册: 2006-03-30
  • 来自:
发表于: 2008-01-24 13:34 | 只看楼主 短消息 资料
字号: 1楼

紧急情况~~~系统出错乐~~qq好多尾巴~~~日志在里面

[CODE]

2008-01-24,13:08:10

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <KavStart><"D:\金山毒霸\KAVStart.exe" -startup>  [Kingsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <zhqb_df><rundll32.exe C:\WINDOWS\system\zhqbdf080120.dll mymain>  [N/A]
    <zhqbdf><rundll32.exe C:\WINDOWS\system\zhqbdf080116.dll mymain>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\Userinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\033.exe]
    <IFEO[033.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\1068.exe]
    <IFEO[1068.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\133c010.exe]
    <IFEO[133c010.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\3fa1.exe]
    <IFEO[3fa1.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\60e41.exe]
    <IFEO[60e41.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe]
    <IFEO[a.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ad6421.exe]
    <IFEO[ad6421.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aimi008.exe]
    <IFEO[aimi008.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\an006.exe]
    <IFEO[an006.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwghst.exe]
    <IFEO[avwghst.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avzxmst.exe]
    <IFEO[avzxmst.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
最后编辑2008-01-24 14:22:57
分享到:
gototop
 
酒醉的小强
头像
自信弱冠狮
  • 帖子:370
  • 注册: 2006-03-30
  • 来自:
发表于: 2008-01-24 13:35 | 只看楼主 短消息 资料
字号: 2楼

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cns.exe]
    <IFEO[cns.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\d03.exe]
    <IFEO[d03.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\d39.exe]
    <IFEO[d39.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DelMI2345.exe]
    <IFEO[DelMI2345.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dms.exe]
    <IFEO[dms.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dns.exe]
    <IFEO[dns.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dodolook573.exe]
    <IFEO[dodolook573.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dodolook615.exe]
    <IFEO[dodolook615.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dodolook7529.exe]
    <IFEO[dodolook7529.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FirefoxGoogleToolbarSetup.exe]
    <IFEO[FirefoxGoogleToolbarSetup.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gjfhazc.exe]
    <IFEO[gjfhazc.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gjtmazc.exe]
    <IFEO[gjtmazc.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLF49.tmp.exe]
    <IFEO[GLF49.tmp.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\habooSetup_a.exe]
    <IFEO[habooSetup_a.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\habooSetup_b.exe]
    <IFEO[habooSetup_b.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\habooSetup_c.exe]
    <IFEO[habooSetup_c.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\host.exe]
    <IFEO[host.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kafykaz.exe]
    <IFEO[kafykaz.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kapjgaz.exe]
    <IFEO[kapjgaz.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KERNL32.exe]
    <IFEO[KERNL32.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvdxlis.exe]
    <IFEO[kvdxlis.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvdxslis.exe]
    <IFEO[kvdxslis.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LYLOADER.EXE]
    <IFEO[LYLOADER.EXE]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mprmsgse.axz]
    <IFEO[mprmsgse.axz]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\my_70145.exe]
    <IFEO[my_70145.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pp.exe]
    <IFEO[pp.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qyl_tmp.exe]
    <IFEO[qyl_tmp.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\realplay.exe]
    <IFEO[realplay.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Routingi.exe]
    <IFEO[Routingi.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsjzasp.exe]
    <IFEO[rsjzasp.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll.exe]
    <IFEO[rundll.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\servciesff.exe]
    <IFEO[servciesff.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snowfall.exe]
    <IFEO[snowfall.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svch0st.exe]
    <IFEO[svch0st.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchcst.exe]
    <IFEO[svchcst.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysloader.exe]
    <IFEO[sysloader.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SystemApiReg.exe]
    <IFEO[SystemApiReg.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\temp0031.tmp]
    <IFEO[temp0031.tmp]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upxdnd.exe]
    <IFEO[upxdnd.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\usbhelp.exe]
    <IFEO[usbhelp.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uusee.exe]
    <IFEO[uusee.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vista.exe]
    <IFEO[vista.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wan1.exe]
    <IFEO[wan1.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windowssystem.exe]
    <IFEO[windowssystem.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winsys.exe]
    <IFEO[winsys.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript32.exe]
    <IFEO[wscript32.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsmseax.exe]
    <IFEO[wsmseax.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zsmscc071001.exe]
    <IFEO[zsmscc071001.exe]><C:\windows\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
gototop
 
酒醉的小强
头像
自信弱冠狮
  • 帖子:370
  • 注册: 2006-03-30
  • 来自:
发表于: 2008-01-24 13:35 | 只看楼主 短消息 资料
字号: 3楼

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Alcmtr><; ALCMTR.EXE>  [(Verified)Microsoft Windows Component Publisher]
    <BisonHK><; C:\WINDOWS\BisonCam\BisonHK.exe>  []
    <BisonTrayIcon><; C:\WINDOWS\BisonCam\BisonTrayIcon.exe>  []
    <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <ISUSPM Startup><; C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup>  [InstallShield Software Corporation]
    <ISUSScheduler><; "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start>  [InstallShield Software Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <KavPFW><; "D:\金山毒霸\KPFW32.EXE">  [Kingsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <kpcdst><; D:\金山影霸\cdsprite.exe>  []
    <RTHDCPL><; RTHDCPL.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SiSPower><; Rundll32.exe SiSPower.dll,ModeAgent>  [Silicon Integrated Systems Corporation]
    <SkyTel><; SkyTel.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SMSERIAL><; C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe>  [Motorola Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <swg><; C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <SynTPEnh><; C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)"RealNetworks, Inc."]

==================================
启动文件夹
N/A

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
  <"D:\金山毒霸\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
  <D:\金山毒霸\KWatch.EXE><Kingsoft Corporation>
[System Restore Service / srservice][Stopped/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\srsvc.dll><N/A>

==================================
驱动程序
[BisonCam, NB Pro / Cam5603D][Running/Manual Start]
  <System32\Drivers\BisonCam.sys><Bison Electronics. Inc.>
[d347bus / d347bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[EMSCR / EMSCR][Running/Manual Start]
  <system32\DRIVERS\EMS7SK.sys><ENE Technology Inc.>
[ESDCR / ESDCR][Running/Manual Start]
  <system32\DRIVERS\ESD7SK.sys><ENE Technology Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[ialm / ialm][Stopped/Manual Start]
gototop
 
酒醉的小强
头像
自信弱冠狮
  • 帖子:370
  • 注册: 2006-03-30
  • 来自:
发表于: 2008-01-24 13:35 | 只看楼主 短消息 资料
字号: 4楼

<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[KAVBootC / KAVBootC][Running/Boot Start]
  <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[KAVSafe / KAVSafe][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
[KNetWch / KNetWch][Running/System Start]
  <\??\D:\金山毒霸\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[nv3 / nv3i][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\nv3i.sys><N/A>
[StarForce Protection Environment Driver v6 / prodrv06][Running/System Start]
  <\SystemRoot\System32\drivers\prodrv06.sys><Protection Technology>
[StarForce Protection Helper Driver v2 / prohlp02][Running/Boot Start]
  <\SystemRoot\System32\drivers\prohlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver v1 / prosync1][Running/Boot Start]
  <\SystemRoot\System32\drivers\prosync1.sys><Protection Technology>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter / RTLWUSB][Running/Manual Start]
  <system32\DRIVERS\RTL8187.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[StarForce Protection Helper Driver / sfhlp01][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfhlp01.sys><Protection Technology>
[SiS315 / SiS315][Running/Manual Start]
  <system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiS191/SiS190 Ethernet Device NDIS 5.1 Driver / SiSGbeXP][Running/Manual Start]
  <system32\DRIVERS\SiSGbeXP.sys><Silicon Integrated Systems Corp.>
[SiSide / SiSide][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\siside.sys><Silicon Integrated Systems Corp.>
[SiSkp / SiSkp][Running/System Start]
  <system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[smserial / smserial][Running/Manual Start]
  <system32\DRIVERS\smserial.sys><Motorola Inc.>
[System Restore Filter Driver / sr][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\sr.sys><N/A>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[z69 / z69i][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\z69i.sys><N/A>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\讯雷\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[RealPlayer Download and Record Plugin for Internet Explorer]
  {3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, RealPlayer>
[CBrowseStakeout Class]
  {55302805-482E-470E-8A57-6795A1487F90} <D:\金山毒霸\KAVAFish.DLL, Kingsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\讯雷\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\xl\Thunder.exe, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[YlmF]
  {F599A876-B108-41E0-924A-801B7715A087} <http://www.ylmf.com, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\讯雷\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[PeerDraw Class]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll, Microsoft Corporation>
[CEnroll Class]
  {127698E4-E730-4E5C-A2B1-21490A70C8A1} <C:\WINDOWS\system32\xenroll.dll, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[IESuperHelper]
  {1A49F431-2A2E-41A5-9080-0F41D1A3AEC1} <C:\PROGRA~1\IESuper\iesuper.dll, >
gototop
 
酒醉的小强
头像
自信弱冠狮
  • 帖子:370
  • 注册: 2006-03-30
  • 来自:
发表于: 2008-01-24 13:36 | 只看楼主 短消息 资料
字号: 5楼

[IESuper]
  {1A49F431-2A2E-41A5-9080-0F41D1A3AEC2} <C:\PROGRA~1\IESuper\iesuper.dll, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[RealPlayer Download and Record Plugin for Internet Explorer]
  {3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, RealPlayer>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\讯雷\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[CBrowseStakeout Class]
  {55302805-482E-470E-8A57-6795A1487F90} <D:\金山毒霸\KAVAFish.DLL, Kingsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <D:\xl\Components\InMedia\MediaAddin14.dll, N/A>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\讯雷\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MID Moniker Class]
  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
  {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <D:\xl\Components\DownAndPlay\DapPlayer3.0.35.59.dll, N/A>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用迅雷下载]
  <D:\讯雷\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\讯雷\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[金山毒霸反钓鱼...]
  <D:\金山毒霸\KAF\ShowSet.htm, N/A>

==================================
正在运行的进程
[PID: 448 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 832 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 856 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 900 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 912 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]
[PID: 1080 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1136 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]
[PID: 1312 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]
    [C:\WINDOWS\System32\msexec.dll]  [N/A, ]
gototop
 
酒醉的小强
头像
自信弱冠狮
  • 帖子:370
  • 注册: 2006-03-30
  • 来自:
发表于: 2008-01-24 13:36 | 只看楼主 短消息 资料
字号: 6楼

[PID: 1428 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]
[PID: 1540 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]
[PID: 1804 / SYSTEM][D:\金山毒霸\KWatch.EXE]  [Kingsoft Corporation, 2005, 9, 27, 51]
    [D:\金山毒霸\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [D:\金山毒霸\KAEPlat.DLL]  [Kingsoft Corp., 2006, 5, 30, 59]
    [D:\金山毒霸\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [D:\金山毒霸\KAEUnpack.DAT]  [Kingsoft Corp., 2006, 10, 26, 69]
[PID: 1876 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.2175.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.2175.0]
[PID: 292 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\金山毒霸\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [D:\金山毒霸\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [D:\讯雷\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [D:\讯雷\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 44]
    [D:\讯雷\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 12]
    [D:\讯雷\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [D:\金山毒霸\KAVEXT.DLL]  [Kingsoft Corporation, 2005, 8, 5, 16]
[PID: 572 / Administrator][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system\zhqbdf080120.dll]  [N/A, ]
    [D:\金山毒霸\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 580 / Administrator][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system\zhqbdf080116.dll]  [N/A, ]
    [D:\金山毒霸\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 592 / Administrator][D:\金山毒霸\KAVStart.exe]  [Kingsoft Corporation, 2006, 11, 10, 212]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\金山毒霸\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [D:\金山毒霸\SvcTimer.DLL]  [Kingsoft Corporation, 2006.7.24.80]
    [D:\金山毒霸\PopSprt3.dll]  [Kingsoft Corporation, 2006, 9, 26, 38]
    [D:\金山毒霸\KAVPassp.dll]  [Kingsoft Corporation, 2006, 9, 7, 270]
    [D:\金山毒霸\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]
    [D:\金山毒霸\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
[PID: 608 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\金山毒霸\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 760 / Administrator][D:\金山毒霸\KMailMon.EXE]  [Kingsoft Corporation, 2006, 9, 7, 918]
    [D:\金山毒霸\KAntiSpm.dll]  [Kingsoft Corporation, 2006, 8, 19, 104]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\金山毒霸\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [D:\金山毒霸\KAECall2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 7]
    [D:\金山毒霸\KAEPlat.DLL]  [Kingsoft Corp., 2006, 5, 30, 59]
    [D:\金山毒霸\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [D:\金山毒霸\KAEUnpack.DAT]  [Kingsoft Corp., 2006, 10, 26, 69]
    [D:\金山毒霸\KAConfig.DLL]  [Kingsoft Corporation, 2006, 10, 30, 39]
    [D:\金山毒霸\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [D:\金山毒霸\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
[PID: 768 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\金山毒霸\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1192 / Administrator][C:\program files\internet explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\金山毒霸\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\金山毒霸\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [D:\讯雷\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll]  [RealPlayer, 1.0.0.522]
    [C:\Program Files\Real\RealPlayer\lang\rpbrp_cn.dll]  [RealNetworks, Inc., 6.0.14.0]
    [D:\金山毒霸\KAVAFish.DLL]  [Kingsoft Corporation, 2006, 10, 25, 27]
    [D:\讯雷\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 44]
    [D:\讯雷\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 12]
    [D:\讯雷\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 244 / SYSTEM][D:\金山毒霸\KPfwSvc.EXE]  [Kingsoft Corporation, 2005, 9, 5, 28]
[PID: 1708 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
    [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll]  [Microsoft Corporation, 7.00.9466]
[PID: 1816 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1972 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]
[PID: 2264 / Administrator][C:\Program Files\Tencent\QQ\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [C:\Program Files\Tencent\QQ\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\BasicCtrlDll.dll]  [Tencent, 7, 0, 101, 80]
    [C:\Program Files\Tencent\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [D:\金山毒霸\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\金山毒霸\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\Program Files\Tencent\QQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\Tencent\QQ\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [C:\Program Files\Tencent\QQ\QQAPI.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [C:\Program Files\Tencent\QQ\LoginCtrl.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\LoginCtrlRes.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQMainFrame.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\CQQApplication.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\NewSkin.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\HostingMgr.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\CameraDll.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\MailSummary.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQKnowledgeSearch.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\QQAllInOne.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\GroupLive.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\SCCore.dll]  [TENCENT, 2, 0, 0, 1]
gototop
 
酒醉的小强
头像
自信弱冠狮
  • 帖子:370
  • 注册: 2006-03-30
  • 来自:
发表于: 2008-01-24 13:36 | 只看楼主 短消息 资料
字号: 7楼

[C:\Program Files\Tencent\QQ\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Tencent\QQ\QQSpace.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\Program Files\Tencent\QQ\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQPlugin.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx]  [Adobe Systems, Inc., 9,0,47,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Tencent\QQ\QRingMng.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [C:\Program Files\Tencent\QQ\QQAvatar.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [C:\Program Files\Tencent\QQ\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [C:\Program Files\Tencent\QQ\QQPet.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQCustomFace.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\ImageOle.dll]  [TODO: <Company name>, 1.0.0.1]
    [C:\Program Files\Tencent\QQ\QQSceneMng.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\QQSysMsgMng.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\BQQApplication.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 280]
    [C:\Program Files\Tencent\QQ\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
    [C:\Program Files\Tencent\QQ\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [C:\Program Files\Tencent\QQ\QQFileTransfer.dll]  [Tencent, 0, 3, 3, 5]
    [C:\Program Files\Tencent\QQ\GroupConnection.dll]  [Tencent, 0, 3, 3, 5]
    [C:\Program Files\Tencent\QQ\CommercesMng.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [D:\金山毒霸\KAScript.DLL]  [Kingsoft Corporation, 2006, 11, 9, 68]
    [D:\金山毒霸\KAEPlat.DLL]  [Kingsoft Corp., 2006, 5, 30, 59]
    [D:\金山毒霸\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [D:\金山毒霸\KAEUnpack.DAT]  [Kingsoft Corp., 2006, 10, 26, 69]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Tencent\QQ\QQPhoneHelper.dll]  [腾讯科技(深圳)有限公司, 2, 2, 1, 11]
    [C:\Program Files\Tencent\QQ\QQMagicFace.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQZip.dll]  [tencent, 0, 3, 2, 4]
[PID: 2808 / Administrator][C:\Program Files\Tencent\QQ\TIMPlatform.exe]  [tencent, 0, 3, 1, 8]
    [D:\金山毒霸\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\金山毒霸\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\Program Files\Tencent\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 392 / Administrator][C:\Documents and Settings\Administrator\桌面\新建文件夹\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [D:\金山毒霸\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 9, 7, 132]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\金山毒霸\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\Documents and Settings\Administrator\桌面\新建文件夹\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
xunyou over MSAFD Tcpip [TCP/IP]
    C:\WINDOWS\system32\xunyount.dll(, N/A)
xunyou over MSAFD Tcpip [UDP/IP]
    C:\WINDOWS\system32\xunyount.dll(, N/A)
xunyou over MSAFD Tcpip [RAW/IP]
    C:\WINDOWS\system32\xunyount.dll(, N/A)
xunyou
    C:\WINDOWS\system32\xunyount.dll(, N/A)
gototop
 
酒醉的小强
头像
自信弱冠狮
  • 帖子:370
  • 注册: 2006-03-30
  • 来自:
发表于: 2008-01-24 13:36 | 只看楼主 短消息 资料
字号: 8楼

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
124.238.254.113 loader.smartpv.cn
124.238.254.113 lm.9cdn.com
124.238.254.113 444.916kk.com
124.238.254.113 www.916kk.com
124.238.254.113 travel.yahoo550.com
124.238.254.113 www.yahoo550.com
124.238.254.113 push.cpushpop.com
124.238.254.113 www.ddz248.com
124.238.254.113 google.netcdn.com
124.238.254.113 soft.16990.com
124.238.254.113 update.borlander.cn
124.238.254.113 www.borlander.com.cn
124.238.254.113 tb.9533.com
124.238.254.113 total.9533.com
124.238.254.113 up.bizmd.cn
124.238.254.113 sm.bizmd.cn

==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 760, D:\金山毒霸\KMAILMON.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2264, C:\PROGRAM FILES\TENCENT\QQ\QQ.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2264, C:\PROGRAM FILES\TENCENT\QQ\QQ.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2808, C:\PROGRAM FILES\TENCENT\QQ\TIMPLATFORM.EXE]

==================================
API HOOK
入口点错误:LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: D:\金山毒霸\KASocket.dll)

==================================
隐藏进程
N/A

==================================


[/CODE]
gototop
 
酒醉的小强
头像
自信弱冠狮
  • 帖子:370
  • 注册: 2006-03-30
  • 来自:
发表于: 2008-01-24 13:40 | 只看楼主 短消息 资料
字号: 9楼

5555555555谁能快速解决下~
gototop
 
酒醉的小强
头像
自信弱冠狮
  • 帖子:370
  • 注册: 2006-03-30
  • 来自:
发表于: 2008-01-24 13:49 | 只看楼主 短消息 资料
字号: 10楼

55555555555还没人来哦~
gototop
 
<<上一主题|下一主题>>
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT