Can anyone help? The game closes by itself after I start it
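Posted 2007-9-27 17:07
About 10-15 minutes after I start the Warcraft game it closes by itself, as if Alt+F4 had been pressed. At first a virus scan found a QQ password-stealing virus; after removing it the problem was still there, reinstalling the add-ons did not help either, and I am now reinstalling the software. Is there any good way to fix this? The virus is called visinQQ盗号者.
The SREng report follows: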
2007-09-27,16:58:36
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 进程特权扫描
启动项目
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
    <MSMSGS><C:\Program Files\Messenger\msmsgs.exe /background>  [(Verified)Microsoft Windows XP Publisher]
    <KavPFW><"C:\K***2007\KPFW32.EXE">  [Kingsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows XP Publisher]
    <DellTouch><C:\WINDOWS\DELLMMKB.EXE>  [Netropa Corp.]
    <IgfxTray><C:\WINDOWS\System32\igfxtray.exe>  [(Verified)Microsoft Windows XP Publisher]
    <CertificateRegistration><SafeSignCertReg.exe>  [A.E.T. Europe B.V.]
    <KavStart><C:\K***2007\K***Start.exe -startup>  [Kingsoft Corporation]
    <IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <Shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><C:\WINDOWS\System32\UserInit.exe,>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{8DFA2904-9664-43AE-8929-4347554D24B6}><C:\WINDOWS\System32\csavpw1.dll>  []
    <{86AAC8D7-BA19-48AC-9269-3C76A52642EC}><C:\WINDOWS\System32\msavpw1.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2bf41072-b2b1-21c1-b5c1-0305f4155515}]
    <N/A><c:\temp\install.pif>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><%ProgramFiles%\Outlook Express\setup50.exe /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.0><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player 8><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><%ProgramFiles%\Outlook Express\setup50.exe /APP:WAB /CALLER:WINNT /user /install>  [N/A]
==================================
启动文件夹
==================================
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start] <C:\WINDOWS\System32\Ati2evxx.exe>
[Human Interface Device Access / HidServ][Stopped/Disabled] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService][Stopped/Manual Start] <C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start] <"C:\K***2007\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start] <C:\K***2007\KWatch.EXE><Kingsoft Corporation>
[Netropa NHK Server / Nhksrv][Stopped/Disabled] <C:\WINDOWS\Nhksrv.exe><N/A>
[Qvod Terminal / Qvod Terminal][Running/Auto Start] <C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen TASK Technology Co.,Ltd>
[SRCSVC / SRCSVC][Stopped/Disabled] <C:\WINDOWS\srcsvc.exe><N/A>
[Network Provisioning Stop / xmlpro][Stopped/Disabled] <C:\WINDOWS\System32\Lysvr.exe -run><N/A>
==================================
驱动程序
[3ov / 3ov1][Stopped/Disabled] <\SystemRoot\System32\DRIVERS\3ov1.sys><N/A>
[aeaudio / aeaudio][Running/Manual Start] <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[ati2mtag / ati2mtag][Running/Manual Start] <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[usbCard Device / ft2kEnum][Running/Manual Start] <System32\DRIVERS\ic2kenum.sys><OEM Corporation>
[USB Chip Holder Service / GDBaseSmc][Running/Manual Start] <System32\DRIVERS\Chip_smc.sys><OEM>
[USB Chip Service / GD_USB][Stopped/Manual Start] <System32\DRIVERS\Chip_usb.sys><>
[ialm / ialm][Running/Manual Start] <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[K***BootC / K***BootC][Running/Boot Start] <\SystemRoot\System32\Drivers\K***BootC.sys><Kingsoft Corporation>
[KNetWch / KNetWch][Running/System Start] <\??\C:\K***2007\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/System Start] <\??\C:\WINDOWS\System32\drivers\KWatch3.SYS><Kingsoft Corporation>
[DellTouch / Msikbd2k][Running/Manual Start] <System32\DRIVERS\msikbd2k.sys><Netropa Corporation>
[OMCI / OMCI][Running/System Start] <\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS><Dell Computer Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start] <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SmartCard Reader Device / Reader_Device][Running/Manual Start] <System32\DRIVERS\usbic2k.sys><OEM>
[Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver / rtl8139][Running/Manual Start] <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start] <System32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm][Running/Manual Start] <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/System Start] <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start] <system32\drivers\ialmkchw.sys><Intel Corporation>
==================================
浏览器加载项
[BitComet Helper] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll, BitComet>
[CBrowseStakeout Class] {55302805-482E-470E-8A57-6795A1487F90} <C:\K***2007\K***AFish.DLL, Kingsoft Corporation>
[金山词霸] {9A687CA6-D585-4947-9ED9-BE96071F5CD9} <C:\Program Files\Kingsoft\Powerword 2003\XDictExB.dll, 金山软件股份有限公司>
[&Radio] {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, >
[GDGetTokenInfo Class] {3AA9CF07-DF20-48FF-98BE-DED276E40146} <C:\WINDOWS\System32\GDREAD~1.DLL, >
[EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\System32\aliedit\aliedit.dll, >
[InfoSecNetSign Class] {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINDOWS\System32\NetSign.dll, Infosec Technologies Co., Ltd.>
[AxInputControl Class] {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\System32\INPUTC~1.DLL, >
[金山毒霸在线产品升级] {E847C78C-C210-4195-8799-FBF3BF89797D} <C:\PROGRA~1\KOS\KOSInit.OCX, 金山软件股份有限公司>
[&使用BitComet下载] <res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接] <res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频] <res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A>
[金山毒霸反钓鱼...] <C:\K***2007\KAF\ShowSet.htm, N/A>
==================================
正在运行的进程
[PID: 416 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 472 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.149 (xpclnt_qfe.021108-2107)] [C:\WINDOWS\system32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 540 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 552 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 692 / SYSTEM][C:\WINDOWS\System32\Ati2evxx.exe] [, ]
[PID: 716 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 748 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 876 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 932 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1064 / horus][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)] [C:\WINDOWS\System32\csavpw1.dll] [N/A, ] [C:\WINDOWS\System32\msavpw1.dll] [N/A, ] [C:\K***2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241] [C:\K***2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139] [C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\igfxpph.dll] [Intel Corporation, 3,0,0,1715] [C:\WINDOWS\System32\hccutils.DLL] [Intel Corporation, 3,0,0,1715]
[PID: 1100 / SYSTEM][C:\K***2007\KWatch.EXE] [Kingsoft Corporation, 2007, 8, 13, 78] [C:\K***2007\K***IPC2.DLL] [Kingsoft Corporation, 2007, 1, 15, 30] [C:\K***2007\KAEPlat.DLL] [Kingsoft Corp., 2007, 6, 19, 64] [C:\K***2007\KAEMem.DAT] [Kingsoft, 2006, 9, 25, 16] [C:\K***2007\KAEUnpack.DAT] [Kingsoft Corp., 2007, 9, 4, 132] [C:\K***2007\K***Quara.DLL] [Kingsoft Corporation, 2007, 6, 15, 4]
[PID: 1232 / horus][C:\WINDOWS\DELLMMKB.EXE] [Netropa Corp., 2.0.0] [C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\K***2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139] [C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\K***2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241] [C:\WINDOWS\System32\msiosd32.dll] [N/A, ] [C:\WINDOWS\System32\csavpw1.dll] [N/A, ] [C:\WINDOWS\System32\msavpw1.dll] [N/A, ]
[PID: 1248 / horus][C:\WINDOWS\System32\SafeSignCertReg.exe] [A.E.T. Europe B.V., 2.0.0.2]
[PID: 1256 / horus][C:\K***2007\K***Start.exe] [Kingsoft Corporation, 2007, 8, 15, 289] [C:\WINDOWS\System32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\System32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\K***2007\K***IPC2.DLL] [Kingsoft Corporation, 2007, 1, 15, 30] [C:\K***2007\SvcTimer.DLL] [Kingsoft Corporation, 2006.12.22.84] [C:\K***2007\K***Pa .dll] [Kingsoft Corporation, 2006, 12, 30, 271] [C:\K***2007\PopSprt3.dll] [Kingsoft Corporation, 2007, 3, 20, 48] [C:\K***2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241] [C:\WINDOWS\System32\odbcbcp.dll] [Microsoft Corporation, 2000.081.7713.00] [C:\K***2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139] [C:\WINDOWS\System32\msavpw1.dll] [N/A, ] [C:\WINDOWS\System32\csavpw1.dll] [N/A, ]
[PID: 1284 / horus][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\K***2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139] [C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\K***2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241]
[PID: 1300 / horus][C:\K***2007\KPFW32.EXE] [Kingsoft Corporation, 2007, 8, 17, 726] [C:\WINDOWS\System32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\System32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\K***2007\K***IPC2.DLL] [Kingsoft Corporation, 2007, 1, 15, 30] [C:\K***2007\KAConfig.DLL] [Kingsoft Corporation, 2007, 1, 11, 41] [C:\K***2007\FiltList.dll] [N/A, ] [C:\K***2007\K***Pa .DLL] [Kingsoft Corporation, 2006, 12, 30, 271] [C:\K***2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241] [C:\K***2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139] [C:\WINDOWS\System32\msavpw1.dll] [N/A, ] [C:\WINDOWS\System32\csavpw1.dll] [N/A, ]
[PID: 1416 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\system32\EBPMON2.DLL] [SEIKO EPSON CORPORATION, 2, 33, 0, 0]
[PID: 1512 / horus][C:\K***2007\KMailMon.EXE] [Kingsoft Corporation, 2007, 8, 16, 967] [C:\K***2007\KAntiSpm.dll] [Kingsoft Corporation, 2007, 2, 25, 129] [C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\K***2007\K***IPC2.DLL] [Kingsoft Corporation, 2007, 1, 15, 30] [C:\K***2007\KAECall2.DLL] [Kingsoft Corporation, 2004, 12, 28, 7] [C:\K***2007\KAEPlat.DLL] [Kingsoft Corp., 2007, 6, 19, 64] [C:\K***2007\KAEMem.DAT] [Kingsoft, 2006, 9, 25, 16] [C:\K***2007\KAEUnpack.DAT] [Kingsoft Corp., 2007, 9, 4, 132] [C:\K***2007\KAConfig.DLL] [Kingsoft Corporation, 2007, 1, 11, 41] [C:\K***2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241] [C:\K***2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[PID: 1596 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1656 / SYSTEM][C:\K***2007\KPfwSvc.EXE] [Kingsoft Corporation, 2007, 8, 17, 39]
[PID: 1732 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen TASK Technology Co.,Ltd, 2, 0, 0, 47]
[PID: 1752 / LOCAL SERVICE][C:\WINDOWS\System32\SCardSvr.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2020 / horus][C:\Program Files\Netropa\OSD.exe] [Netropa Corp., 2.02] [C:\K***2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139] [C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\K***2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241] [C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2820 / horus][C:\K***2007\Uplive.EXE] [Kingsoft Corporation, 2007, 9, 3, 775] [C:\WINDOWS\System32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\System32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\K***2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139] [C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\K***2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241]
[PID: 3772 / horus][C:\Documents and Settings\horus\My Documents\计算机修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900] [C:\K***2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139] [C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\K***2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241] [C:\WINDOWS\System32\msavpw1.dll] [N/A, ] [C:\WINDOWS\System32\csavpw1.dll] [N/A, ] [C:\Documents and Settings\horus\My Documents\计算机修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. [%1 %*]
.COM OK. [%1 %*]
.PIF OK. [%1 %*]
.REG OK. [regedit.exe %1]
.BAT OK. [%1 %*]
.SCR OK. [%1 /S]
.CHM OK. [C:\WINDOWS\hh.exe %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe %1 %*]
.JS OK. [%SystemRoot%\System32\WScript.exe %1 %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
Autorun.inf
==================================
HOSTS 文件
127.0.0.1 localhost
127.1.1.1 www.hao333.com
127.1.1.2 www.hao333.com
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1232, C:\WINDOWS\DELLMMKB.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1300, C:\K***2007\KPFW32.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1512, C:\K***2007\KMAILMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2020, C:\PROGRAM FILES\NETROPA\OSD.EXE]
==================================
API HOOK
入口点错误:LoadLibraryExW (危险等级: 高, 被下面模块所HOOK: C:\K***2007\KASocket.dll)
==================================
隐藏进程
==================================
(A ygi)
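Posted 2007-9-27 17:16
Recommended method, and to help more people
Save this plan as a text file on the desktop. Until you have finished all the steps, do not open any website, web page or QQ, and do not open any drive partition.
Download all the tools in advance and read the steps and requirements carefully.
After completing the steps, to help more people: there is a backup folder under the xdelbox directory; compress the files in it and set the password to 123456
Send an e-mail to: or upload it to the forum. After that, if the system shows no abnormality, all the files under backup can be deleted. I suggest sending me a PM promptly so I can deal with it.
Use the tool below to clean the system temporary files and the IE temporary files
XDelBox is recommended for deleting the above files ( ). Usage: when deleting, copy the paths of all the files to be deleted, right-click in the list of files pending deletion and choose to import from the clipboard; after importing, right-click the files to be deleted and choose to restart and delete immediately. The computer will restart into a DOS screen to carry out the deletion.
It is recommended to extract the archive to any folder before running xdelbox, and preferably to remove all removable storage media (including USB drives, MP3 players, phone memory cards, etc.) before running it.
[Choose backup and tick "Suppress file regeneration"; if you are told a file does not exist, ignore it and continue adding the other files]
c:\temp\install.pif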
c:\windows\system32\msavpw1.dll
c:\windows\system32\csavpw1.dll
c:\windows\system32\imapi.exe
c:\windows\system32\lysvr.exe
c:\windows\srcsvc.exe
c:\windows\system32\msiosd32.dll
c:\windows\system32\drivers\3ov1.sys
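Delete the following startup items (using SREng):
[N/A] c:\temp\install.pif
[{86AAC8D7-BA19-48AC-9269-3C76A52642EC}] C:\WINDOWS\System32\msavpw1.dll
[{8DFA2904-9664-43AE-8929-4347554D24B6}] C:\WINDOWS\System32\csavpw1.dll
Delete the following services (using SREng):
Method: in SREng, under Startup Items - Services - Win32 Service Applications, tick "Hide verified Microsoft entries", then delete the services with the names below (select the problem service, choose "Delete service", then click the "Set" button. Note that in the window that pops up you must click No to confirm deleting the service) (if one cannot be deleted, disable it: change the startup type to disabled, select "Modify startup type" and click Set):
[IMAPI CD-Burning COM Service / ImapiService] C:\WINDOWS\System32\imapi.exe
[Network Provisioning Stop / xmlpro] C:\WINDOWS\System32\Lysvr.exe -run
[SRCSVC / SRCSVC] C:\WINDOWS\srcsvc.exe
Delete the following drivers (using SREng):
Method: in SREng, under Startup Items - Services - Drivers, tick "Hide verified Microsoft entries", then delete the drivers with the names below (select the problem driver, choose "Delete service", then click the Set button. Note that in the window that pops up you must click No to confirm deleting the service) (if one cannot be deleted, disable it: change the startup type to disabled, select "Modify startup type" and click Set):
[3ov / 3ov1] \SystemRoot\System32\DRIVERS\3ov1.sys
Check for malware: update the tool below, then switch to Safe Mode to clean:
PS: Because "Suppress file regeneration" was ticked, a folder with the same name as each deleted file will appear in the same location (and these folders will open automatically at boot; please ignore that). Go into them one by one and delete the folders that have the same names as the original virus files.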
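Last edited by a ygi on 2007-9-27 17:21
№…………№
№ ξ雨ξ №
№…………№
Thanks to "空指针" for the guidance given to friend D; think deeper, be more careful
The aim of the 爱毒霸 community is to eliminate zero-reply threads; all your questions will find *** here
A ygi expresses only personal views and offers personal advice, and does not represent Kingsoft's official position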
Posted 2007-9-28 10:30
I misread at first and used the link under the title...
I could not find the delete function anywhere; I will try again now. Thanks.
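Posted 2007-9-28 11:06
I did as described above; a few files cannot be deleted, and a file shredder did not work either.
Please see whether there is any other good way, thanks.
The current SREng report: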
2007-09-28,11:03:02
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 进程特权扫描
启动项目
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <MSMSGS><C:\Program Files\Messenger\msmsgs.exe /background>  [(Verified)Microsoft Windows XP Publisher]
    <KavPFW><"C:\K***2007\KPFW32.EXE">  [Kingsoft Corporation]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows XP Publisher]
    <DellTouch><C:\WINDOWS\DELLMMKB.EXE>  [Netropa Corp.]
    <KavStart><C:\K***2007\K***Start.exe -startup>  [Kingsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <Shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><C:\WINDOWS\System32\UserInit.exe,>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{A393C2CF-1C26-4309-9765-13B7FDC0F200}><C:\WINDOWS\System32\mypern1.dll>  []
    <{C0ED41FB-530C-465C-BAF9-3189530DDC4B}><C:\WINDOWS\System32\dhvpw2.dll>  []
    <{6E1ADD5A-DA47-4BDB-B38C-846973DC1D93}><C:\WINDOWS\System32\zxavast2.dll>  []
    <{409B610C-5E4D-4CF8-AD02-7AF80AE238DF}><C:\WINDOWS\System32\wlavast1.dll>  []
    <{86AAC8D7-BA19-48AC-9269-3C76A52642EC}><C:\WINDOWS\System32\msavpw2.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2bf41072-b2b1-21c1-b5c1-0305f4155515}]
    <N/A><c:\temp\install.pif>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><%ProgramFiles%\Outlook Express\setup50.exe /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.0><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player 8><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><%ProgramFiles%\Outlook Express\setup50.exe /APP:WAB /CALLER:WINNT /user /install>  [N/A]
==================================
启动文件夹
==================================
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start] <C:\WINDOWS\System32\Ati2evxx.exe>
[Human Interface Device Access / HidServ][Stopped/Disabled] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start] <"C:\K***2007\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start] <C:\K***2007\KWatch.EXE><Kingsoft Corporation>
[Netropa NHK Server / Nhksrv][Stopped/Disabled] <C:\WINDOWS\Nhksrv.exe><N/A>
[Qvod Terminal / Qvod Terminal][Running/Auto Start] <C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen TASK Technology Co.,Ltd>
==================================
驱动程序
[aeaudio / aeaudio][Running/Manual Start] <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[ati2mtag / ati2mtag][Running/Manual Start] <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[usbCard Device / ft2kEnum][Running/Manual Start] <System32\DRIVERS\ic2kenum.sys><OEM Corporation>
[USB Chip Holder Service / GDBaseSmc][Running/Manual Start] <System32\DRIVERS\Chip_smc.sys><OEM>
[USB Chip Service / GD_USB][Stopped/Manual Start] <System32\DRIVERS\Chip_usb.sys><>
[ialm / ialm][Running/Manual Start] <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[K***BootC / K***BootC][Running/Boot Start] <\SystemRoot\System32\Drivers\K***BootC.sys><Kingsoft Corporation>
[KNetWch / KNetWch][Running/System Start] <\??\C:\K***2007\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/System Start] <\??\C:\WINDOWS\System32\drivers\KWatch3.SYS><Kingsoft Corporation>
[DellTouch / Msikbd2k][Running/Manual Start] <System32\DRIVERS\msikbd2k.sys><Netropa Corporation>
[OMCI / OMCI][Running/System Start] <\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS><Dell Computer Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start] <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SmartCard Reader Device / Reader_Device][Running/Manual Start] <System32\DRIVERS\usbic2k.sys><OEM>
[Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver / rtl8139][Running/Manual Start] <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start] <System32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm][Running/Manual Start] <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/System Start] <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start] <system32\drivers\ialmkchw.sys><Intel Corporation>
==================================
浏览器加载项
[BitComet Helper] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll, BitComet>
[Kingsoft Trojan WebShield] {4E8A5278-C04E-4FE3-BF78-8A7CCD6EF333} <C:\Program Files\Kingsoft AntiSpy\IEBuddy.DLL, Kingsoft Corporation>
[CBrowseStakeout Class] {55302805-482E-470E-8A57-6795A1487F90} <C:\K***2007\K***AFish.DLL, Kingsoft Corporation>
[IEBuddyExtControl Class] {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft AntiSpy\IEBuddyExt.DLL, Kingsoft Corporation>
[金山词霸] {9A687CA6-D585-4947-9ED9-BE96071F5CD9} <C:\Program Files\Kingsoft\Powerword 2003\XDictExB.dll, 金山软件股份有限公司>
[&Radio] {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, >
[GDGetTokenInfo Class] {3AA9CF07-DF20-48FF-98BE-DED276E40146} <C:\WINDOWS\System32\GDREAD~1.DLL, >
[EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\System32\aliedit\aliedit.dll, >
[InfoSecNetSign Class] {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINDOWS\System32\NetSign.dll, Infosec Technologies Co., Ltd.>
[AxInputControl Class] {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\System32\INPUTC~1.DLL, >
[金山毒霸在线产品升级] {E847C78C-C210-4195-8799-FBF3BF89797D} <C:\PROGRA~1\KOS\KOSInit.OCX, 金山软件股份有限公司>
[&使用BitComet下载] <res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接] <res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频] <res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A>
[金山毒霸反钓鱼...] <C:\K***2007\KAF\ShowSet.htm, N/A>
==================================
正在运行的进程
[PID: 416 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 472 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.149 (xpclnt_qfe.021108-2107)] [C:\WINDOWS\system32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 540 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 552 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 692 / SYSTEM][C:\WINDOWS\System32\Ati2evxx.exe] [, ]
[PID: 716 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 752 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 872 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 888 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 996 / SYSTEM][C:\K***2007\KWatch.EXE] [Kingsoft Corporation, 2007, 8, 13, 78] [C:\K***2007\K***IPC2.DLL] [Kingsoft Corporation, 2007, 1, 15, 30] [C:\K***2007\KAEPlat.DLL] [Kingsoft Corp., 2007, 6, 19, 64] [C:\K***2007\KAEMem.DAT] [Kingsoft, 2006, 9, 25, 16] [C:\K***2007\KAEUnpack.DAT] [Kingsoft Corp., 2007, 9, 17, 134] [C:\K***2007\K***Quara.DLL] [Kingsoft Corporation, 2007, 6, 15, 4]
[PID: 1128 / horus][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)] [C:\WINDOWS\System32\mypern1.dll] [N/A, ] [C:\WINDOWS\System32\mypern2.dll] [N/A, ] [C:\WINDOWS\System32\dhvpw2.dll] [N/A, ] [C:\WINDOWS\System32\zxavast2.dll] [N/A, ] [C:\WINDOWS\System32\wlavast1.dll] [N/A, ] [C:\WINDOWS\System32\msavpw2.dll] [N/A, ] [C:\K***2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241] [C:\K***2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139] [C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1204 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\system32\EBPMON2.DLL] [SEIKO EPSON CORPORATION, 2, 33, 0, 0]
[PID: 1308 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1364 / SYSTEM][C:\K***2007\KPfwSvc.EXE] [Kingsoft Corporation, 2007, 8, 17, 39]
[PID: 1456 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen TASK Technology Co.,Ltd, 2, 0, 0, 47]
[PID: 1528 / LOCAL SERVICE][C:\WINDOWS\System32\SCardSvr.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1596 / horus][C:\WINDOWS\DELLMMKB.EXE] [Netropa Corp., 2.0.0] [C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\mypern1.dll] [N/A, ] [C:\WINDOWS\System32\dhvpw2.dll] [N/A, ] [C:\WINDOWS\System32\zxavast2.dll] [N/A, ] [C:\WINDOWS\System32\wlavast1.dll] [N/A, ] [C:\WINDOWS\System32\msavpw2.dll] [N/A, ] [C:\K***2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241]
[PID: 1604 / horus][C:\K***2007\K***Start.exe] [Kingsoft Corporation, 2007, 8, 15, 289] [C:\WINDOWS\System32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\System32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\K***2007\K***IPC2.DLL] [Kingsoft Corporation, 2007, 1, 15, 30] [C:\K***2007\SvcTimer.DLL] [Kingsoft Corporation, 2006.12.22.84] [C:\K***2007\PopSprt3.dll] [Kingsoft Corporation, 2007, 3, 20, 48] [C:\K***2007\K***Pa .dll] [Kingsoft Corporation, 2006, 12, 30, 271] [C:\K***2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241]
[PID: 1688 / horus][C:\K***2007\KPFW32.EXE] [Kingsoft Corporation, 2007, 8, 17, 726] [C:\WINDOWS\System32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\System32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\K***2007\K***IPC2.DLL] [Kingsoft Corporation, 2007, 1, 15, 30] [C:\K***2007\KAConfig.DLL] [Kingsoft Corporation, 2007, 1, 11, 41] [C:\K***2007\FiltList.dll] [N/A, ] [C:\K***2007\K***Pa .DLL] [Kingsoft Corporation, 2006, 12, 30, 271] [C:\K***2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241] [C:\K***2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[PID: 1708 / horus][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\K***2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139] [C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\K***2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241]
[PID: 1968 / horus][C:\K***2007\KMailMon.EXE] [Kingsoft Corporation, 2007, 8, 16, 967] [C:\K***2007\KAntiSpm.dll] [Kingsoft Corporation, 2007, 2, 25, 129] [C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\K***2007\K***IPC2.DLL] [Kingsoft Corporation, 2007, 1, 15, 30] [C:\K***2007\KAECall2.DLL] [Kingsoft Corporation, 2004, 12, 28, 7] [C:\K***2007\KAEPlat.DLL] [Kingsoft Corp., 2007, 6, 19, 64] [C:\K***2007\KAEMem.DAT] [Kingsoft, 2006, 9, 25, 16] [C:\K***2007\KAEU ack.DAT] [Kingsoft Corp., 2007, 9, 17, 134] [C:\K***2007\KAConfig.DLL] [Kingsoft Corporation, 2007, 1, 11, 41] [C:\K***2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241] [C:\K***2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[PID: 2040 / horus][C:\Program Files\Netropa\OSD.exe] [Netropa Corp., 2.02] [C:\K***2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139] [C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\K***2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241] [C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 844 / horus][C:\Documents and Settings\horus\My Documents\计算机修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900] [C:\K***2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139] [C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\K***2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241] [C:\WINDOWS\System32\msavpw2.dll] [N/A, ] [C:\WINDOWS\System32\wlavast1.dll] [N/A, ] [C:\WINDOWS\System32\zxavast2.dll] [N/A, ] [C:\WINDOWS\System32\dhvpw2.dll] [N/A, ] [C:\WINDOWS\System32\mypern2.dll] [N/A, ] [C:\Documents and Settings\horus\My Documents\计算机修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[PID: 1064 / horus][C:\WINDOWS\System32\SafeSignCertReg.exe] [A.E.T. Europe B.V., 2.0.0.2] [C:\K***2007\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139] [C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\K***2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. [%1 %*]
.COM OK. [%1 %*]
.PIF OK. [%1 %*]
.REG OK. [regedit.exe %1]
.BAT OK. [%1 %*]
.SCR OK. [%1 /S]
.CHM Error. [hh.exe %1]
.HLP Error. [winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe %1 %*]
.JS OK. [%SystemRoot%\System32\WScript.exe %1 %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
Autorun.inf
==================================
HOSTS 文件
127.0.0.1 localhost
127.1.1.1 www.hao333.com
127.1.1.2 www.hao333.com
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1596, C:\WINDOWS\DELLMMKB.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1688, C:\K***2007\KPFW32.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1968, C:\K***2007\KMAILMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2040, C:\PROGRAM FILES\NETROPA\OSD.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1064, C:\WINDOWS\SYSTEM32\SAFESIGNCERTREG.EXE]
==================================
API HOOK
入口点错误:LoadLibraryExW (危险等级: 高, 被下面模块所HOOK: C:\K***2007\KASocket.dll)
==================================
隐藏进程
==================================
Posted on 2007-9-28 11:38
I found more files with names similar to those (ending in 0, 1, 2 ===).
I'll delete these too and see... not sure whether that will fix it.
(山中无老虎,老鬼称霸王)
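Posted on 2007-9-28 13:05
[Save this plan as a text file on the desktop. Until you have finished all the steps, do not open any websites, web pages or QQ, and do not open any disk partition.
Download all the tools in advance and read the steps and requirements carefully. Quoted from a ygi ]
You can download
, and use the GetSu ectFiles.exe inside it (depending on your system and the number of suspicious files, this may take a while). When the scan finishes, pack the Files folder and upload it to the suspicious-file upload area for the engineers to analyse.
You can use
, tick "suppress regeneration", then paste in the paths below and kill them (ignore any message saying the target does not exist)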
c:\windows\system32\dhvpw2.dll
c:\windows\system32\msavpw2.dll
c:\windows\system32\mypern1.dll
c:\windows\system32\mypern2.dll
c:\windows\system32\wlavast1.dll
c:\windows\system32\zxavast2.dll
c:\temp\i tall.pif
After rebooting, use sreng to delete the following registry keys (some folders may pop open at startup; these can be ignored)
N/A] c:\temp\i tall.pif
[{86AAC8D7-BA19-48AC-9269-3C76A52642EC}] C:\WINDOWS\System32\msavpw2.dll
[{409B610C-5E4D-4CF8-AD02-7AF80AE238DF}] C:\WINDOWS\System32\wlavast1.dll
[{6E1ADD5A-DA47-4BDB-B38C-846973DC1D93}] C:\WINDOWS\System32\zxavast2.dll
[{C0ED41FB-530C-465C-BAF9-3189530DDC4B}] C:\WINDOWS\System32\dhvpw2.dll
[{A393C2CF-1C26-4309-9765-13B7FDC0F200}] C:\WINDOWS\System32\mypern1.dll
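Use the following cleanup tool to clear out any virus or malware remnants that may still be on the system
Because "suppress file regeneration" was ticked, folders with the same names as the deleted files will appear in the same locations (and they will open automatically at startup; please ignore that). Go into them one by one and delete the folders that share the names of the original virus files.
Given the limits of my skill there may be misses or false positives; the original poster is welcome to report back promptly on whether the problem is resolved.
If an XP system gets infected, use the Kingsoft first-aid kit (金山急救箱) first
I am willing to solve problems for users, but I do not welcome ***手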
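The six System32 DLLs named in the reply above all appear in the posted process list with an empty `[N/A, ]` vendor/version field and inside more than one process. As an added example (not part of the original thread and not SREng's own logic), this Python code applies that triage check to a few lines shortened from the log; the function names and the two-process threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: three process lines shortened from the SREng log above.
SAMPLE_LOG = r"""
[PID: 1128 / horus][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)] [C:\WINDOWS\System32\mypern1.dll] [N/A, ] [C:\WINDOWS\System32\dhvpw2.dll] [N/A, ] [C:\K***2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241]
[PID: 1596 / horus][C:\WINDOWS\DELLMMKB.EXE] [Netropa Corp., 2.0.0] [C:\WINDOWS\System32\mypern1.dll] [N/A, ] [C:\WINDOWS\System32\dhvpw2.dll] [N/A, ] [C:\K***2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241]
[PID: 1688 / horus][C:\K***2007\KPFW32.EXE] [Kingsoft Corporation, 2007, 8, 17, 726] [C:\K***2007\FiltList.dll] [N/A, ] [C:\K***2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241]
"""

BRACKET = re.compile(r"\[([^\]]*)\]")
PID = re.compile(r"PID:\s*(\d+)")


def parse_process_line(line):
    """Return (pid, image_path, [(module_path, info), ...]) or None."""
    fields = BRACKET.findall(line)
    match = PID.match(fields[0]) if len(fields) >= 3 else None
    if match is None:
        return None
    # fields: PID/user, image path, image info, then module path/info pairs.
    modules = list(zip(fields[3::2], fields[4::2]))
    return int(match.group(1)), fields[1], modules


def unversioned_shared_modules(log_text, min_processes=2):
    """Map module path -> sorted PIDs for modules whose vendor field is N/A
    and that are loaded into at least min_processes processes."""
    loaded_in = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_process_line(line.strip())
        if parsed is None:
            continue
        pid, _image, modules = parsed
        for path, info in modules:
            if info.split(",")[0].strip().upper() == "N/A":
                loaded_in[path.lower()].add(pid)  # Windows paths: case-insensitive
    return {p: sorted(pids) for p, pids in loaded_in.items()
            if len(pids) >= min_processes}


if __name__ == "__main__":
    for path, pids in unversioned_shared_modules(SAMPLE_LOG).items():
        print(path, "loaded in PIDs", pids)
```

With `min_processes=1` the result also includes `FiltList.dll` from the security product's own folder, which is loaded into a single process; the multi-process requirement is what separates it from the injected System32 modules in this sample.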
After flashing LI2.3.3, why won't 灵图天行者10 run?
(乐乐爹)
Posted on 2011-4-29 16:49
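I just flashed LI2.3.3. The speed is great, faster than the old 2.2 and no more lag, but 天行者10 won't run and I don't know why.
As soon as I open it, it reports a data error and asks me to check whether the SD card is inserted correctly. I installed it on the device's built-in card, so that should not be a problem!
And Brothers in Arms (兄弟连), Modern Combat (现代战争) and the like all run normally.
I hope some expert can help! Thanks.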
(乐乐爹)
Posted on 2011-4-29 17:00
Bumping my own thread. Can anyone help?
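Posted on 2011-4-29 18:32
This problem has been bugging me for more than 2 months, and so far I haven't found anyone who can solve it. It's the only regret I've found since moving to android2.3.3.
If anyone can solve it, let me know: qq66905162.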
(大海)
Device model: GT-i9000
Posted on 2011-4-29 18:40
It seems it doesn't work on version 2.3. I installed it and it doesn't work for me either.
(乐乐爹)
Posted on 2011-5-3 09:39
So that's how it is. How annoying. I hope someone can sort this out.
Posted on 2011-5-3 15:33
Only after using 凯立德 did I realise how good 灵图 is.
Waiting for an expert to solve this.
Posted on 2011-5-4 21:58
I hope someone can sort this out.
(王者无双)
Posted on 2011-5-8 22:53
After I installed it, my memory card often becomes read-only.
Posted on 2011-5-11 11:25
The only regret I've found since moving to android2.3.3.
Posted on 2011-5-16 00:21
Same here, it really is a pity.
Copyright 2007-2011 机锋网
迈奔公司 mAPPn Inc. All rights reserved