
2008-11-17 20:46 喜特乐
Everyone, please help me

My old PC gets infected the moment I log in to QQ. I scanned with AVG and it said it was some virus that records passwords; after deleting it, it comes right back! So annoying! I also scanned with Jiangmin (江民)! Same thing! I also cleaned with Cleanup Assistant, same thing, the virus comes back! Folder Options has disappeared too! I suspect the registry has been modified, but I'm a newbie and don't understand it, so I'm posting the Cleanup Assistant diagnostic report and the SREngLdr scan report for the experts to look at! Begging the gurus to help me cure this!
SREngLdr scan report:[CODE]

2008-11-17,19:37:29

System Repair Engineer 2.6.12.1018
Smallfrogs ([url]http://www.KZTechs.com[/url])

Windows 2000 Professional Service Pack 4 (Build 2195) - Administrator user - Full functionality

The following items were selected:
    All startup items (including registry, startup folders, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file
    Process privilege scan


Startup Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <ctfmon.exe><C:\WINNT\system32\ctfmon.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer 访问><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express 访问><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\mplayer2.inf,PerUserStub.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    <CRLUpdate><%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl>  [File is missing]

==================================
Startup Folder
N/A

==================================
Services
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  <D:\ewido木马专杀\AVG Anti-Spyware\guard.exe><GRISOFT s.r.o.>
[Contrl Center of Storm Media / ccosm][Stopped/Auto Start]
  <><(File is missing)>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[KVSrvXP / KVSrvXP][Running/Auto Start]
  <"D:\江民\JiangMin\AntiVirus\KVSrvXP.exe" /Service><Jiangmin Co., Ltd.>
[SpIDer Guard for Windows / SPIDERNT][Stopped/Auto Start]
  <><(File is missing)>

==================================
Drivers
[aswFsBlk / aswFsBlk][Running/Auto Start]
  <system32\DRIVERS\aswFsBlk.sys><ALWIL Software>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  <\??\D:\ewido木马专杀\AVG Anti-Spyware\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[BsDeamon / BsDeamon][Running/System Start]
  <\??\D:\江民\JiangMin\AntiVirus\BsDeamon.sys><Jiangmin Co., Ltd.>
[C-Media PCI Audio Interface / cmuda3][Running/Manual Start]
  <system32\drivers\cmuda3.sys><C-Media Inc>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[WAN Miniport Driver For PPPoE Protocol / GNetPPPoE][Running/Manual Start]
  <System32\DRIVERS\PPPoE.SYS><Guangdong Data Communications Network Co.Ltd.>
[HdFw_slot / HdFw_slot][Stopped/Manual Start]
  <\??\D:\江民\JiangMin\KVFW\HdFw.sys><N/A>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\kmsinput.sys><N/A>
[KRegEx / KRegEx][Running/Auto Start]
  <\??\D:\江民\JiangMin\Antivirus\KRegEx.sys><Jiangmin Co. Ltd.>
[Jiangmin Antivirus Software - SysCall Services / KSysCall][Running/System Start]
  <\??\D:\江民\JiangMin\common\KSysCall.sys><Jiangmin Co.,  Ltd.>
[Jiangmin Antivirus Software - System Monitor / KSysMon][Running/System Start]
  <\??\D:\江民\JiangMin\Antivirus\KSysMon.sys><Jiangmin Co., Ltd.>
[Jiangmin Antivirus Software - File Tracer / KSysTrace][Running/System Start]
  <\??\D:\江民\JiangMin\Antivirus\KSysTrace.sys><Jiangmin Co., Ltd.>
[KVFileGuard From Jiangmin / KVFileGuard][Running/Manual Start]
  <\??\D:\江民\JiangMin\AntiVirus\KVFG.sys><Jiangmin Co., Ltd.>
[KVRedir From Jiangmin / KVRedir][Running/System Start]
  <\??\D:\江民\JiangMin\AntiVirus\KVRedir.sys><Jiangmin Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SiSV / SiSV][Running/Manual Start]
  <System32\DRIVERS\SiSV.sys><Silicon Integrated Systems Corporation>
[Jiangmin AntiVirus Software - System Guard / SysGuard][Running/Boot Start]
  <\SystemRoot\system32\Drivers\SysGuard.sys><Jiangmin Co., Ltd.>

==================================
Browser Add-ons
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\迅雷5\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <D:\江民\JiangMin\Antivirus\KVShell.dll, Jiangmin Co.Ltd>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\迅雷5\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[RegisterHelper Class]
  {FF354A24-B490-4D4F-8EEC-B3ACD6E681A4} <D:\江民\JiangMin\AntiVirus\UrlGuard.dll, (Signed) Jiangmin Co., Ltd.>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\迅雷5\Thunder.exe, Thunder Networking Technologies,LTD>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINNT\system32\aliedit\pta.dll, (Signed) >
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINNT\system32\aliedit\aliedit.dll, (Signed) >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\System32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[]
  {0A47E819-F82E-4D5D-B806-6A9EA94D68CD} <, >
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\迅雷5\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\旺旺\WangWang\WangWangX4.dll, 阿里巴巴软件(上海)有限公司>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <D:\迅雷5\Components\InMedia\MediaAddin17.dll, Thunder Networking Technologies,LTD>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\360卫士\360safe\live.dll, (Signed) 360.cn>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINNT\system32\msnetobj.dll, (Signed) Microsoft Corporation>
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5804.63.(133).dll, ShenZhen Thunder Networking Technologies Ltd.>
[]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <, >
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.5835.191.(133).dll, Xunlei Networking Technologies,LTD>
[使用迅雷下载]
  <D:\迅雷5\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\迅雷5\Program\getallurl.htm, N/A>

==================================
Running Processes
[PID: 176][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 148][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 80][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\winpy.ime]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
[PID: 232][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 244][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
[PID: 452][D:\ewido木马专杀\AVG Anti-Spyware\guard.exe]  [GRISOFT s.r.o., 7, 5, 1, 22]
    [D:\ewido木马专杀\AVG Anti-Spyware\engine.dll]  [GRISOFT s.r.o., 4, 2, 0, 19]
[PID: 476][C:\WINNT\SYSTEM32\SVCHOST.EXE]  [Microsoft Corporation, 5.00.2134.1]
[PID: 500][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 544][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 580][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\System32\unimdm.tsp]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\System32\kmddsp.tsp]  [Microsoft Corporation, 5.00.2150.1]
    [C:\WINNT\System32\ndptsp.tsp]  [Microsoft Corporation, 5.00.2143.1]
    [C:\WINNT\System32\ipconf.tsp]  [Microsoft Corporation, 5.00.2143.1]
    [C:\WINNT\System32\h323.tsp]  [Microsoft Corporation, 5.00.2195.6901]
[PID: 756][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\AppPatch\AcLayers.DLL]  [Microsoft Corporation, 5.00.2195.6717]
    [C:\WINNT\system32\winpy.ime]  [Microsoft Corporation, 5.00.2195.6601]
    [D:\江民\JiangMin\Antivirus\KsPec.dll]  [Jiangmin Co., Ltd., 12, 2, 8, 807]
    [D:\江民\JiangMin\common\KVTrust.dll]  [Jiangmin Co., Ltd., 10, 0, 8, 904]
    [D:\江民\JiangMin\common\KvTools.dll]  [Jiangmin Co., Ltd., 12, 0, 8, 901]
    [C:\WINNT\system32\HiveBase.dll]  [Jiangmin Co., Ltd., 12, 0, 8, 903]
    [C:\WINNT\system32\kvinstall.dll]  [Jiangmin Co, Ltd., 12, 0, 0, 800]
    [D:\江民\JiangMin\common\KVTrustInit.dll]  [Jiangmin Co., Ltd., 12, 0, 8, 819]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [D:\江民\JiangMin\Antivirus\KVShell.dll]  [Jiangmin Co.Ltd, 2, 0, 8, 918]
    [D:\江民\JiangMin\Antivirus\lang\KvXP0804.lng]  [N/A, ]
    [D:\压缩工具\rarext.dll]  [N/A, ]
    [D:\迅雷5\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [D:\迅雷5\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [D:\迅雷5\Components\ResWorker\DsBho_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [D:\迅雷5\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [D:\ewido木马专杀\AVG Anti-Spyware\context.dll]  [GRISOFT s.r.o., 7, 5, 1, 36]
[PID: 532][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINNT\system32\winpy.ime]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 1088][E:\SREng修复\SREngLdr.EXE]  [Smallfrogs Studio, 2.6.12.1018]
[PID: 1056][E:\SREng修复\SREbdfa5f6.EXE]  [Smallfrogs Studio, 2.6.12.1018]
    [C:\WINNT\system32\winpy.ime]  [Microsoft Corporation, 5.00.2195.6601]
    [E:\SREng修复\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT  Error. [NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Providers
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS File
127.0.0.1       localhost

==================================
Process Privilege Scan
Special privilege enabled: SeLoadDriverPrivilege [PID = 1088, E:\SRENG修复\SRENGLDR.EXE]

==================================
API HOOK
N/A

==================================
Hidden Processes
N/A

==================================


[/CODE]
Cleanup Assistant (Arswp) diagnostic report:[CODE]

2008-11-17,19:39:23

SysLog Scanner 1.0 - build 20080726
Arswp ([url]http://www.arswp.com[/url])

Windows 2000 Professional Service Pack 4 (build 2195) - Administrators



========================================
Registry Entries

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINNT\system32\ctfmon.exe>  []

[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><>  []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载]
    <><D:\迅雷5\Program\geturl.htm>  [N/A, C:2008-10-07 16:25 M:2008-07-28 15:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接]
    <><D:\迅雷5\Program\getallurl.htm>  [N/A, C:2008-10-07 16:25 M:2007-12-10 14:17]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\mplayer2.inf,PerUserStub.NT>  [(Verified)Microsoft Corporation, 5.00.2134.1, C:2000-01-10 04:00 M:2000-01-10 04:00|(Verified)Microsoft Corporation, 6.00.2800.1106, C:2002-08-29 09:32 M:2002-08-29 09:32|(Verified)N/A, C:2008-03-02 19:45 M:2000-01-10 04:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Corporation, 5.00.2134.1, C:2000-01-10 04:00 M:2000-01-10 04:00|(Verified)Microsoft Corporation, 6.00.2800.1106, C:2002-08-29 09:32 M:2002-08-29 09:32|(Verified)N/A, C:2000-01-10 04:00 M:2000-01-10 04:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6A5110B5-E14B-4268-A065-EF89FF33C325}]
    <EnableRevocation><regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll>  [(Verified)Microsoft Corporation, 5.00.2195.6662, C:2008-03-02 20:21 M:2003-06-20 03:05|N/A, |(Verified)Microsoft Corporation, 5.131.2195.6601, C:2008-03-02 18:56 M:2003-06-20 03:05]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}]
    <启动迅雷5><D:\迅雷5\Thunder.exe>  [Thunder Networking Technologies,LTD, 5, 6, 8, 19, C:2008-10-07 16:25 M:2008-08-12 17:41]


========================================
Startup Items



========================================
Scheduled Tasks



========================================
Components


Shell Extension
[Display Panning CPL Extension]
    {42071714-76d4-11d1-8b24-00a0c9068ff3}  <deskpan.dll>  []
[HyperTerminal Icon Ext]
    {88895560-9AA2-1069-930E-00AA0030EBC8}  <C:\WINNT\System32\hticons.dll>  [(Verified)Hilgraeve, Inc., 5.00.2195.6684, C:2008-03-02 18:52 M:2003-06-20 03:05]
[WinRAR shell extension]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <D:\压缩工具\rarext.dll>  [N/A, C:2008-03-01 23:16 M:2007-09-23 18:59]
[EncryptFile]
    {D55189EB-2826-4834-8E59-582B05CA99CA}  <D:\优话大师\Wopti\WoptiEncryptModule.dll>  [(Verified)共软网络, 1.0.8.103, C:2008-03-01 23:17 M:2008-01-03 13:51]
[Kv Dangerous File Control]
    {21EE6A6C-A71F-45A4-A9DF-3901253D4051}  <D:\江民\JiangMin\Antivirus\KsPec.dll>  [(Verified)Jiangmin Co., Ltd., 12, 2, 8, 807, C:2008-10-18 01:20 M:2008-09-16 14:55]
[Kv Suspicious File Control]
    {EBA3B46C-9894-4583-AF20-C5E4A6826E4A}  <D:\江民\JiangMin\Antivirus\KsPec.dll>  [(Verified)Jiangmin Co., Ltd., 12, 2, 8, 807, C:2008-10-18 01:20 M:2008-09-16 14:55]
[Kv Process Execution Control]
    {7225D8F0-564A-4DFC-9DF6-717FB2569922}  <D:\江民\JiangMin\Antivirus\KsPec.dll>  [(Verified)Jiangmin Co., Ltd., 12, 2, 8, 807, C:2008-10-18 01:20 M:2008-09-16 14:55]

BrowserHelperObject
[ThunderAtOnce Class]
    {01443AEC-0FD1-40fd-9C87-E93D1494C233}  <D:\迅雷5\ComDlls\TDAtOnce_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-10-07 16:26 M:2008-06-13 09:43]
[BrowseHelper Class]
    {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9}  <D:\江民\JiangMin\Antivirus\KVShell.dll>  [Jiangmin Co.Ltd, 2, 0, 8, 918, C:2008-10-18 01:19 M:2008-09-27 13:03]
[Thunder Browser Helper]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <D:\迅雷5\ComDlls\xunleiBHO_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-10-07 16:26 M:2008-06-13 09:43]
[RegisterHelper Class]
    {FF354A24-B490-4D4F-8EEC-B3ACD6E681A4}  <D:\江民\JiangMin\AntiVirus\UrlGuard.dll>  [(Verified)Jiangmin Co., Ltd., 1, 0, 8, 728, C:2008-10-18 01:19 M:2008-09-16 14:55]

ActiveX Extension
[Thunder Agent Class]
    {485463B7-8FB2-4B3B-B29B-8B919B0EACCE}  <D:\迅雷5\ComDlls\ThunderAgent_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 4, 23, C:2008-10-07 16:26 M:2008-06-13 09:43]
[XMP Class]
    {6483F145-A768-4C41-AACC-52D4D7845851}  <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work>  [Copyright XunLei 2007, 2, 1, 2, 77, C:2008-03-01 22:58 M:2008-08-25 17:25]
[XDRM]
    {693571CB-54A3-4E90-9D52-EEAE1334E2D3}  <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work>  [Copyright XunLei 2007, 1, 0, 0, 7, C:2008-03-01 22:58 M:2008-08-25 17:25]
[WangWangObj Class]
    {6E213FC7-DD5A-4115-B7E6-D4C7838C361E}  <D:\旺旺\WangWang\WangWangX4.dll>  [阿里巴巴软件(上海)有限公司, 1, 0, 0, 1, C:2008-03-01 23:37 M:2007-09-10 12:36]
[MediaComm Class]
    {7670648D-461B-42AF-BDFE-46D26AF5EFF2}  <D:\迅雷5\Components\InMedia\MediaAddin17.dll>  [Thunder Networking Technologies,LTD, 3, 1, 5, 78, C:2008-10-07 16:25 M:2008-08-25 17:25]
[360SafeLive]
    {87515F61-A66C-4319-A0E0-D416CB8059E3}  <D:\360卫士\360safe\live.dll>  [(Verified)360.cn, 1, 0, 1, 1028, C:2008-07-16 22:00 M:2008-07-16 22:00]
[DapCtrl Class]
    {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8}  <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5804.63.(133).dll>  [ShenZhen Thunder Networking Technologies Ltd., 2, 1, 5804, 63, C:2008-10-18 01:13 M:2008-08-25 17:25]
[XPPlayer Class]
    {F3E70CEA-956E-49CC-B444-73AFE593AD7F}  <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.5835.191.(133).dll>  [Xunlei Networking Technologies,LTD, 2, 0, 5835, 191, C:2008-10-18 01:13 M:2008-08-25 17:25]

Context Menu
[avast]
    {472083B0-C522-11CF-8763-00608CC02F24}  <>  []
[DrWMenuHandlers]
    {e7593602-124b-47c9-9f73-a69308edc973}  <>  []
[EncryptFile]
    {D55189EB-2826-4834-8E59-582B05CA99CA}  <D:\优话大师\Wopti\WoptiEncryptModule.dll>  [(Verified)共软网络, 1.0.8.103, C:2008-03-01 23:17 M:2008-01-03 13:51]
[ewido anti-spyware]
    {8934FCEF-F5B8-468f-951F-78A921CD3920}  <D:\ewido木马专杀\AVG Anti-Spyware\context.dll>  [(Verified)GRISOFT s.r.o., 7, 5, 1, 36, C:2007-05-31 00:29 M:2008-05-18 23:38]
[Kvplus Delete]
    {5931946E-05B3-4EAE-90C7-0DB78FC9E739}  <D:\江民\JiangMin\Antivirus\KVShell.dll>  [Jiangmin Co.Ltd, 2, 0, 8, 918, C:2008-10-18 01:19 M:2008-09-27 13:03]
[Kvplus Scan]
    {94081493-0A1E-4C17-B1AF-E717E69564C8}  <D:\江民\JiangMin\Antivirus\KVShell.dll>  [Jiangmin Co.Ltd, 2, 0, 8, 918, C:2008-10-18 01:19 M:2008-09-27 13:03]
[WinRAR]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <D:\压缩工具\rarext.dll>  [N/A, C:2008-03-01 23:16 M:2007-09-23 18:59]


========================================
Services


[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
    <D:\ewido木马专杀\AVG Anti-Spyware\guard.exe>  [(Verified)GRISOFT s.r.o., 7, 5, 1, 22, C:2007-05-31 00:31 M:2008-05-18 23:39]
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
    <%SystemRoot%\System32\dmadmin.exe /com>  [(Verified)VERITAS Software Corp., 2195.6624.297.3, C:2008-03-02 18:38 M:2003-06-20 03:05]
[KVSrvXP / KVSrvXP][Running/Auto Start]
    <"D:\江民\JiangMin\AntiVirus\KVSrvXP.exe" /Service>  [(Verified)Jiangmin Co., Ltd., 12, 0, 8, 1028, C:2008-10-18 01:20 M:2008-10-31 09:38]


========================================
Drivers

[C-Media PCI Audio Interface / cmuda3][Running/Manual Start]
    <system32\drivers\cmuda3.sys>  [C-Media Inc, 5.12.01.0046.5.1, C:2000-01-01 01:41 M:2005-10-28 10:45]
[WAN Miniport Driver For PPPoE Protocol / GNetPPPoE][Running/Manual Start]
    <System32\DRIVERS\PPPoE.SYS>  [Guangdong Data Communications Network Co.Ltd., 1.00.1000.384, C:2000-01-01 00:09 M:2000-01-01 00:09]
[HdFw_slot / HdFw_slot][Stopped/Manual Start]
    <\??\D:\江民\JiangMin\KVFW\HdFw.sys>  []
[kmsinput / kmsinput][Stopped/Manual Start]
    <\??\C:\WINNT\system32\drivers\kmsinput.sys>  []

[aswFsBlk / aswFsBlk][Running/Auto Start]
    <system32\DRIVERS\aswFsBlk.sys>  [(Verified)ALWIL Software, 4.8.1281.0, C:2008-11-14 00:36 M:2008-11-13 00:53]
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
    <\??\D:\ewido木马专杀\AVG Anti-Spyware\guard.sys>  [(Verified)N/A, C:2007-05-31 00:10 M:2008-05-18 23:39]
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
    <System32\DRIVERS\AvgAsCln.sys>  [(Verified)GRISOFT, s.r.o., 1.0.0.14, C:2008-05-18 12:42 M:2007-05-31 00:10]
[BsDeamon / BsDeamon][Running/System Start]
    <\??\D:\江民\JiangMin\AntiVirus\BsDeamon.sys>  [(Verified)Jiangmin Co., Ltd., 2, 0, 8, 311, C:2008-10-18 01:19 M:2008-09-16 14:55]
[dmboot / dmboot][Stopped/Disabled]
    <System32\drivers\dmboot.sys>  [(Verified)VERITAS Software Corp., 2195.6655.297.3, C:2001-05-04 04:05 M:2003-06-20 03:05]
[Logical Disk Manager Driver / dmio][Running/Boot Start]
    <System32\drivers\dmio.sys>  [(Verified)VERITAS Software Corp., 2195.6655.297.3, C:2001-05-04 04:05 M:2003-06-20 03:05]
[dmload / dmload][Running/Boot Start]
    <System32\drivers\dmload.sys>  [(Verified)VERITAS Software Corp., 2195.6655.297.3, C:2001-05-04 04:05 M:2003-06-20 03:05]
[KRegEx / KRegEx][Running/Auto Start]
    <\??\D:\江民\JiangMin\Antivirus\KRegEx.sys>  [(Verified)Jiangmin Co. Ltd., 10, 0, 8, 429, C:2008-10-18 01:19 M:2008-09-16 14:55]
[Jiangmin Antivirus Software - SysCall Services / KSysCall][Running/System Start]
    <\??\D:\江民\JiangMin\common\KSysCall.sys>  [(Verified)Jiangmin Co.,  Ltd., 12, 0, 8, 904, C:2008-10-18 01:19 M:2008-09-16 14:55]
[Jiangmin Antivirus Software - System Monitor / KSysMon][Running/System Start]
    <\??\D:\江民\JiangMin\Antivirus\KSysMon.sys>  [(Verified)Jiangmin Co., Ltd., 12, 0, 8, 912, C:2008-10-18 01:19 M:2008-09-16 14:55]
[Jiangmin Antivirus Software - File Tracer / KSysTrace][Running/System Start]
    <\??\D:\江民\JiangMin\Antivirus\KSysTrace.sys>  [(Verified)Jiangmin Co., Ltd., 12, 0, 8, 927, C:2008-10-18 01:19 M:2008-10-14 09:46]
[KVFileGuard From Jiangmin / KVFileGuard][Running/Manual Start]
    <\??\D:\江民\JiangMin\AntiVirus\KVFG.sys>  [(Verified)Jiangmin Co., Ltd., 11, 0, 8, 710, C:2008-10-18 01:19 M:2008-09-16 14:55]
[KVRedir From Jiangmin / KVRedir][Running/System Start]
    <\??\D:\江民\JiangMin\AntiVirus\KVRedir.sys>  [(Verified)Jiangmin Co., Ltd., 2.02.08.812 built by: WinDDK, C:2008-10-18 01:19 M:2008-09-16 14:55]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    <System32\DRIVERS\ptilink.sys>  [(Verified)Parallel Technologies, Inc., 1.10, C:2001-05-04 04:05 M:2003-06-20 03:05]
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
    <System32\DRIVERS\RTL8139.SYS>  [(Verified)Realtek Semiconductor Corporation, 5.366.0818.1999, C:2000-01-01 01:12 M:1999-09-24 19:17]
[SiSV / SiSV][Running/Manual Start]
    <System32\DRIVERS\SiSV.sys>  [(Verified)Silicon Integrated Systems Corporation, 4.11.01.1300, C:2000-01-01 01:12 M:1999-09-27 20:02]
[Jiangmin AntiVirus Software - System Guard / SysGuard][Running/Boot Start]
    <system32\Drivers\SysGuard.sys>  [(Verified)Jiangmin Co., Ltd., 12, 2, 8, 912, C:2008-10-18 01:50 M:2008-09-16 14:55]


========================================
Processes

[PID: 176 / SYSTEM]   \SystemRoot\System32\smss.exe   [(Verified)Microsoft Corporation, 5.00.2195.6601, C:2001-05-04 04:05 M:2003-06-20 03:05]

[PID: 148 / SYSTEM]   \??\C:\WINNT\system32\csrss.exe   [(Verified)Microsoft Corporation, 5.00.2195.6601, C:2008-03-02 18:37 M:2003-06-20 03:05]

[PID: 80 / SYSTEM]   \??\C:\WINNT\system32\winlogon.exe   [(Verified)Microsoft Corporation, 5.00.2195.6997, C:2005-06-03 05:01 M:2005-06-03 05:01]

[PID: 232 / SYSTEM]   C:\WINNT\system32\services.exe   [(Verified)Microsoft Corporation, 5.00.2195.7035, C:2001-05-04 04:05 M:2005-06-03 05:00]
    C:\WINNT\system32\dmserver.dll  [(Verified)VERITAS Software Corp., 2195.6605.297.3, C:2008-03-02 18:38 M:2003-06-20 03:05]

[PID: 244 / SYSTEM]   C:\WINNT\system32\lsass.exe   [(Verified)Microsoft Corporation, 5.00.2195.7011, C:2001-05-04 04:05 M:2005-06-03 05:00]

[PID: 452 / SYSTEM]   D:\ewido木马专杀\AVG Anti-Spyware\guard.exe   [(Verified)GRISOFT s.r.o., 7, 5, 1, 22, C:2007-05-31 00:31 M:2008-05-18 23:39]
    D:\ewido木马专杀\AVG Anti-Spyware\engine.dll  [(Verified)GRISOFT s.r.o., 4, 2, 0, 19, C:2007-06-07 22:49 M:2008-05-18 23:39]

[PID: 476 / SYSTEM]   C:\WINNT\SYSTEM32\SVCHOST.EXE   [(Verified)Microsoft Corporation, 5.00.2134.1, C:2000-01-10 04:00 M:2000-01-10 04:00]

[PID: 500 / SYSTEM]   C:\WINNT\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.00.2134.1, C:2000-01-10 04:00 M:2000-01-10 04:00]

[PID: 544 / SYSTEM]   C:\WINNT\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.00.2134.1, C:2000-01-10 04:00 M:2000-01-10 04:00]

[PID: 580 / SYSTEM]   C:\WINNT\System32\svchost.exe   [(Verified)Microsoft Corporation, 5.00.2134.1, C:2000-01-10 04:00 M:2000-01-10 04:00]

[PID: 756 / xp]   C:\WINNT\Explorer.EXE   [(Verified)Microsoft Corporation, 5.00.3700.6690, C:2008-03-02 18:45 M:2003-06-20 03:05]
    D:\江民\JiangMin\Antivirus\KsPec.dll  [(Verified)Jiangmin Co., Ltd., 12, 2, 8, 807, C:2008-10-18 01:20 M:2008-09-16 14:55]
    D:\江民\JiangMin\common\KVTrust.dll  [(Verified)Jiangmin Co., Ltd., 10, 0, 8, 904, C:2008-10-18 01:19 M:2008-09-16 14:55]
    D:\江民\JiangMin\common\KvTools.dll  [(Verified)Jiangmin Co., Ltd., 12, 0, 8, 901, C:2008-10-18 01:19 M:2008-09-16 14:55]
    C:\WINNT\system32\HiveBase.dll  [(Verified)Jiangmin Co., Ltd., 12, 0, 8, 903, C:2008-10-18 01:19 M:2008-09-16 14:55]
    C:\WINNT\system32\kvinstall.dll  [(Verified)Jiangmin Co, Ltd., 12, 0, 0, 800, C:2008-10-18 01:19 M:2008-09-16 14:55]
    D:\江民\JiangMin\common\KVTrustInit.dll  [(Verified)Jiangmin Co., Ltd., 12, 0, 8, 819, C:2008-10-18 01:20 M:2008-09-16 14:55]
    D:\江民\JiangMin\Antivirus\KVShell.dll  [Jiangmin Co.Ltd, 2, 0, 8, 918, C:2008-10-18 01:19 M:2008-09-27 13:03]
    D:\江民\JiangMin\Antivirus\lang\KvXP0804.lng  [N/A, C:2008-10-18 01:19 M:2008-10-30 15:12]
    D:\压缩工具\rarext.dll  [N/A, C:2008-03-01 23:16 M:2007-09-23 18:59]
    D:\迅雷5\ComDlls\TDAtOnce_Now.dll  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-10-07 16:26 M:2008-06-13 09:43]
    D:\迅雷5\ComDlls\xunleiBHO_Now.dll  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-10-07 16:26 M:2008-06-13 09:43]
    D:\迅雷5\Components\ResWorker\DsBho_00.dll  [Thunder Networking Technologies,LTD, 1, 0, 0, 20, C:2008-10-07 16:26 M:2008-08-25 17:25]
    C:\WINNT\system32\MSVCP60.dll  [Microsoft Corporation, 6.00.8972.0, C:2000-08-29 02:19 M:2000-08-29 02:19]
    D:\迅雷5\Components\ResWorker\DataProcessor_00.dll  [Thunder Networking Technologies,LTD, 1, 0, 0, 16, C:2008-10-07 16:26 M:2008-08-25 17:25]

[PID: 532 / xp]   C:\WINNT\system32\internat.exe   [(Verified)Microsoft Corporation, 5.00.2920.0000, C:2000-01-10 04:00 M:2000-01-10 04:00]

[PID: 916 / xp]   D:\清理助手\arswp\ArSwp.exe   [(Verified)ArSwp.com, 2, 8, 2, 1115, C:2008-11-15 11:58 M:2008-11-15 11:58]
    C:\WINNT\system32\MSVCP60.dll  [Microsoft Corporation, 6.00.8972.0, C:2000-08-29 02:19 M:2000-08-29 02:19]
    D:\江民\JiangMin\Antivirus\KsPec.dll  [(Verified)Jiangmin Co., Ltd., 12, 2, 8, 807, C:2008-10-18 01:20 M:2008-09-16 14:55]
    D:\江民\JiangMin\common\KVTrust.dll  [(Verified)Jiangmin Co., Ltd., 10, 0, 8, 904, C:2008-10-18 01:19 M:2008-09-16 14:55]
    D:\江民\JiangMin\common\KvTools.dll  [(Verified)Jiangmin Co., Ltd., 12, 0, 8, 901, C:2008-10-18 01:19 M:2008-09-16 14:55]
    C:\WINNT\system32\HiveBase.dll  [(Verified)Jiangmin Co., Ltd., 12, 0, 8, 903, C:2008-10-18 01:19 M:2008-09-16 14:55]
    C:\WINNT\system32\kvinstall.dll  [(Verified)Jiangmin Co, Ltd., 12, 0, 0, 800, C:2008-10-18 01:19 M:2008-09-16 14:55]
    D:\江民\JiangMin\common\KVTrustInit.dll  [(Verified)Jiangmin Co., Ltd., 12, 0, 8, 819, C:2008-10-18 01:20 M:2008-09-16 14:55]
    D:\清理助手\arswp\plugin\ArFix.dll  [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2007-11-28 15:19 M:2007-11-28 15:19]
    D:\江民\JiangMin\AntiVirus\UrlGuard.dll  [(Verified)Jiangmin Co., Ltd., 1, 0, 8, 728, C:2008-10-18 01:19 M:2008-09-16 14:55]
    D:\江民\JiangMin\Kernel\EngFace.dll  [(Verified)Jiangmin Co., Ltd., 3, 0, 8, 911, C:2008-10-18 01:19 M:2008-09-16 14:54]
    D:\江民\JiangMin\Kernel\Unace.dll  [(Verified)N/A, C:2008-10-18 01:19 M:2008-09-16 14:54]
    D:\江民\JiangMin\AntiVirus\KVAddrDb.dll  [(Verified)Jiangmin Co., Ltd., 12, 0, 8, 815, C:2008-10-18 01:19 M:2008-09-16 14:55]


========================================
File Associations

[.txt] <NOTEPAD.EXE %1> [Microsoft Corporation, 5.00.2140.1, ]
[.log] <NOTEPAD.EXE %1> [Microsoft Corporation, 5.00.2140.1, ]
[.chm] <"C:\WINDOWS\hh.exe" %1> []


========================================
AutoRun.INF



========================================
Winsock Providers



========================================
HOSTS

    127.0.0.1 localhost



[/CODE]
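
As an added example (not part of the original post, and not SREng's own code), here is a small Python triage script for the Services / Drivers sections of an SREng report like the one above. The sample text is a constructed excerpt of the posted listing with paths shortened; the two heuristics (image file missing, publisher field N/A) and the reason strings are my own.

```python
"""Triage helper for SREng-style Services / Drivers listings.

Added example, not from the thread or from SREng. It parses the two-line entries
SREng prints under Services and Drivers and flags the two patterns a responder
looks at first: an entry whose image file is missing (leftover or self-deleting
component) and one whose publisher field is N/A (no company/version info could be
read). Both patterns occur in the posted report.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt modelled on the posted SREng report (paths shortened).
SAMPLE_REPORT = r"""
Services
[Contrl Center of Storm Media / ccosm][Stopped/Auto Start]
  <><(File is missing)>
[SpIDer Guard for Windows / SPIDERNT][Stopped/Auto Start]
  <><(File is missing)>

==================================
Drivers
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  <\??\D:\ewido\AVG Anti-Spyware\guard.sys><N/A>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\kmsinput.sys><N/A>
"""

# "[Display name / service name][State/Start type]"
HEADER_RE = re.compile(
    r"^\[(?P<display>.*?) / (?P<name>[^\]]+)\]\[(?P<state>[^/\]]+)/(?P<start>[^\]]+)\]$"
)
# "<image path><publisher>" -- registry Run entries carry a trailing [..] and do not match
DETAIL_RE = re.compile(r"^<(?P<image>[^>]*)><(?P<publisher>[^>]*)>$")

MISSING = "image path empty or file reported missing"
UNSIGNED = "no publisher information (N/A)"


@dataclass
class Entry:
    display: str
    name: str
    state: str
    start: str
    image: str
    publisher: str


def parse_entries(report: str) -> list[Entry]:
    """Return every header+detail pair found in the text, in order."""
    lines = [ln.strip() for ln in report.splitlines()]
    entries = []
    for i in range(len(lines) - 1):
        head = HEADER_RE.match(lines[i])
        detail = DETAIL_RE.match(lines[i + 1])
        if head and detail:
            entries.append(Entry(**head.groupdict(), **detail.groupdict()))
    return entries


def triage(entries: list[Entry]) -> dict[str, list[str]]:
    """Map service name -> reasons it deserves a look; clean entries are omitted."""
    findings: dict[str, list[str]] = {}
    for e in entries:
        reasons = []
        # SREng prints "<><(File is missing)>" when the registered image is gone.
        missing = not e.image or "file is missing" in e.publisher.lower()
        if missing:
            reasons.append(MISSING)
        elif e.publisher.strip().upper() in ("", "N/A"):
            reasons.append(UNSIGNED)
        if reasons:
            findings[e.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_entries(SAMPLE_REPORT)).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the sample, the script flags ccosm and SPIDERNT as dangling services and both guard.sys (AVG's own driver) and kmsinput.sys as lacking publisher information. That second group shows the limit of the heuristic: an N/A publisher is a prompt to look closer, not a verdict, which is exactly the point the reply below makes about kmsinput.sys.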

2008-11-17 21:01 ajd5271
c:\winnt\system32\drivers\kmsinput.sys

This file is the same file as the kmsinput.sys in the QQ连连看 (QQ Lianliankan) installation directory; it is the anti-cheat driver the Lianliankan game used previously. So it can basically be concluded that this is a false positive.

1. Suggest using XDelBox to delete the following files: (latest version of XDelBox)
Instructions: when deleting, copy the paths of all the files to be deleted, right-click in the pending-deletion file list and choose import from clipboard with "do not check path", tick "suppress regeneration", then after importing right-click the file to be deleted and choose "restart and delete immediately"; the computer will reboot into a DOS screen to perform the deletion. Before running XDelBox it is best to unplug all removable storage media (including USB flash drives, MP3 players, phone memory cards, etc.).


c:\winnt\system32\drivers\kmsinput.sys

2. After deleting and rebooting, use SREng to repair the following items:

    Startup Items -- Services -- Drivers: delete the following entry:
[kmsinput / kmsinput]    <\??\C:\WINNT\system32\drivers\kmsinput.sys>


3. Finish the cleanup

Download Windows Cleanup Assistant to clean malicious software
[url]http://www.arswp.com/download.html[/url]

Download the temporary file cleanup tool
[url]http://www.dodudou.com/down/download.php?fname=./02.[/url]常用工具/ATF-Cleaner-cn.exe
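
The reply above rests on the claim that the kmsinput.sys under system32\drivers is "the same file" as the copy in the game's install directory. As an added example (mine, not part of the thread), the script below checks that claim by content rather than by file name: it compares SHA-256 and size, and reads the COFF TimeDateStamp (link time) out of each PE header. The real paths are an assumption to fill in; `demo()` builds constructed, minimal PE-shaped files in a temporary directory so the script runs offline.

```python
r"""Verify a 'same file' claim about a driver before deleting it.

Added example, not part of the thread. Compares the system32 copy of a driver
(e.g. C:\WINNT\system32\drivers\kmsinput.sys) with a reference copy by SHA-256,
size and PE link timestamp. demo() uses constructed files; real paths are an
assumption the reader fills in.
"""
import hashlib
import os
import struct
import tempfile


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 16), b""):
            h.update(block)
    return h.hexdigest()


def pe_link_timestamp(path: str):
    """COFF TimeDateStamp of a PE file (seconds since 1970), or None if not a PE."""
    with open(path, "rb") as f:
        data = f.read()
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # After the 4-byte signature: Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    return struct.unpack_from("<I", data, e_lfanew + 8)[0]


def compare_copies(system_copy: str, reference_copy: str) -> dict:
    """Missing files are reported, not raised: a missing driver image is itself a finding."""
    result = {
        "system_exists": os.path.isfile(system_copy),
        "reference_exists": os.path.isfile(reference_copy),
        "identical": None,
        "same_link_time": None,
    }
    if result["system_exists"] and result["reference_exists"]:
        result["identical"] = (
            os.path.getsize(system_copy) == os.path.getsize(reference_copy)
            and sha256_of(system_copy) == sha256_of(reference_copy)
        )
        result["same_link_time"] = (
            pe_link_timestamp(system_copy) == pe_link_timestamp(reference_copy)
        )
    return result


def fake_pe(timestamp: int, body: bytes) -> bytes:
    """Constructed: DOS header pointing at a PE signature + COFF header, then a body."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)      # 0x40-byte DOS header
    struct.pack_into("<I", dos, 0x3C, 0x40)    # e_lfanew -> PE header at 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 0, 0)
    return bytes(dos) + coff + body


def demo() -> dict:
    """Three constructed cases: identical copies, same link time but patched body, reference missing."""
    with tempfile.TemporaryDirectory() as d:
        sys32 = os.path.join(d, "kmsinput.sys")        # stands in for the system32\drivers copy
        game = os.path.join(d, "kmsinput_game.sys")    # stands in for the game-directory copy
        other = os.path.join(d, "kmsinput_other.sys")  # same link time, different bytes
        ts = 1193046000
        cases = ((sys32, b"constructed driver body"),
                 (game, b"constructed driver body"),
                 (other, b"different body"))
        for path, body in cases:
            with open(path, "wb") as f:
                f.write(fake_pe(ts, body))
        return {
            "same": compare_copies(sys32, game),
            "patched": compare_copies(sys32, other),
            "missing": compare_copies(sys32, os.path.join(d, "absent.sys")),
        }


if __name__ == "__main__":
    for label, r in demo().items():
        print(label, r)
```

If the hashes differ but the link timestamp matches, the system32 copy has been altered after linking and should not be treated as the game's driver; if the hashes match, the false-positive reading above is supported and the file can be removed along with its `kmsinput` driver service entry as described.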

2008-11-17 21:59 西门吹雪
Reply to post #1 by 喜特乐

What is the virus file?


Powered by Discuz! Archiver 5.5.0  © 2001-2006 Comsenz Inc.