Chinaunix
Title: [Help] A trojan that can't be removed
Author: trash_123
Time: 2006-11-10 04:24
I ran a full-disk scan with Kingsoft Antivirus (金山毒霸) 6; the virus database is dated November 7, 2006.

Antivirus log:

2006-11-10 3:04:14,毒霸主程序,Win32.Troj.PSWQQRob.je.54272,其他病毒,C:\WINDOWS\system32\RpS.dll,发现病毒在:

C:\WINDOWS\system32\RpS.dll
病毒名:Win32.Troj.PSWQQRob.je.54272
病毒类型: 其他病毒
处理结果: 其他病毒; 需要重启;

2006-11-10 3:02:30,病毒防火墙,Win32.Troj.PSWQQRob.je.54272,其他病毒,C:\WINDOWS\system32\RpS.dll,发现病毒在:

C:\WINDOWS\system32\RpS.dll
病毒名:Win32.Troj.PSWQQRob.je.54272
病毒类型: 其他病毒
处理结果: 其他病毒; 需要重启;

I also scanned with Trojan Killer (木马杀客) and Kingsoft's dedicated QQ virus removal tool, but neither of them detected anything.
I searched the registry for entries containing RsP.dll and deleted them, but after every reboot the virus is still there.
I'm out of ideas. I'd be very grateful if anyone could help me solve this. Many thanks!

Scan log:

2006-11-10,03:12:25

System Repair Engineer 2.2.6.605
Smallfrogs