请问这个进程是不是病毒?_百度知道查看: 1113|回复: 6
请帮我看看是否中毒了(附日志)
请帮助我看看是否有问题.谢谢!
System Repair Engineer 2.4.12.806
Smallfrogs ()
Windows XP Home Edition Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
& & 所有的启动项目(包括注册表、启动文件夹、服务等)
& & 浏览器加载项
& & 正在运行的进程(包括进程模块信息)
& & 文件关联
& & Winsock 提供者
& & Autorun.inf
& & HOSTS 文件
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
& & &ctfmon.exe&&C:\WINDOWS\system32\ctfmon.exe&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
& & &IMJPMIG8.1&&&C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE& /Spoil /RemAdvDef /Migration32&&&[(Verified)Microsoft Windows Publisher]
& & &SoundMAXPnP&&C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe&&&[Analog Devices, Inc.]
& & &SoundMAX&&&C:\Program Files\Analog Devices\SoundMAX\Smax4.exe& /tray&&&[Analog Devices, Inc.]
& & &AGRSMMSG&&AGRSMMSG.exe&&&[(Verified)Microsoft Windows Hardware Compatibility Publisher]
& & &SynTPEnh&&C:\Program Files\Synaptics\SynTP\SynTPEnh.exe&&&[(Verified)Microsoft Windows Hardware Compatibility Publisher]
& & &IgfxTray&&C:\WINDOWS\system32\igfxtray.exe&&&[(Verified)Microsoft Windows Component Publisher]
& & &HotKeysCmds&&C:\WINDOWS\system32\hkcmd.exe&&&[(Verified)Microsoft Windows Hardware Compatibility Publisher]
& & &Persistence&&C:\WINDOWS\system32\igfxpers.exe&&&[(Verified)Microsoft Windows Hardware Compatibility Publisher]
& & &Cpqset&&C:\Program Files\HPQ\Default Settings\cpqset.exe&&&[]
& & &UpdateManager&&&C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe& /r&&&[Sonic Solutions]
& & &dla&&C:\WINDOWS\system32\dla\tfswctrl.exe&&&[Sonic Solutions]
& & &WatchDog&&C:\Program Files\InterVideo\DVD Check\DVDCheck.exe&&&[InterVideo Inc.]
& & &360Safetray&&D:\Program Files\360safe\safemon\360Tray.exe /start&&&[奇虎网]
& & &AVP&&&C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe&&&&[Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
& & &shell&&Explorer.exe&&&[(Verified)Microsoft Windows Publisher]
& & &Userinit&&C:\WINDOWS\system32\userinit.exe,&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
& & &AppInit_DLLs&&C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll&&&[Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
& & &UIHost&&logonui.exe&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
& & &WinlogonNotify: igfxcui&&igfxdev.dll&&&[(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
& & &WinlogonNotify: klogon&&C:\WINDOWS\system32\klogon.dll&&&[Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
& & &WinlogonNotify: PCANotify&&PCANotify.dll&&&[Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
& & &WinlogonNotify: WgaLogon&&WgaLogon.dll&&&[(Verified)Microsoft Corporation]
==================================
启动文件夹
==================================
[Application Management / AppMgmt][Stopped/Manual Start]
&&&C:\WINDOWS\system32\svchost.exe -k netsvcs--&%SystemRoot%\System32\appmgmts.dll&&N/A&
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
&&&C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe&&Microsoft Corporation&
[卡巴斯基互联网安全套装6.0个人版 / AVP][Running/Auto Start]
&&&&C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe& -r&&Kaspersky Lab&
[Symantec pcAnywhere Host Service / awhost32][Stopped/Manual Start]
&&&&D:\Program Files\Symantec\pcAnywhere\awhost32.exe&&&Symantec Corporation&
[Human Interface Device Access / HidServ][Stopped/Disabled]
&&&C:\WINDOWS\System32\svchost.exe -k netsvcs--&%SystemRoot%\System32\hidserv.dll&&N/A&
[HP WMI Interface / hpqwmi][Stopped/Manual Start]
&&&C:\Program Files\HPQ\SHARED\HPQWMI.exe&&Hewlett-Packard Development Company, L.P.&
[LiveUpdate / LiveUpdate][Stopped/Manual Start]
&&&&C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE&&&Symantec Corporation&
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
&&&C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe&&Analog Devices, Inc.&
[Windows Media Connect (WMC) / WmcCds][Stopped/Manual Start]
&&&c:\program files\windows media connect\mswmccds.exe&&Microsoft Corporation&
[Windows Media Connect (WMC) 帮助程序 / WmcCdsLs][Stopped/Manual Start]
&&&C:\Program Files\Windows Media Connect\mswmcls.exe&&Microsoft Corporation&
==================================
[aeaudio / aeaudio][Running/Manual Start]
&&&system32\drivers\aeaudio.sys&&Andrea Electronics Corporation&
[Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start]
&&&system32\DRIVERS\AGRSM.sys&&Agere Systems&
[awecho / awecho][Running/System Start]
&&&system32\drivers\awechomd.sys&&Symantec Corporation&
[awlegacy / awlegacy][Running/System Start]
&&&\SystemRoot\System32\Drivers\awlegacy.sys&&Symantec Corporation&
[AW_HOST / AW_HOST][Running/System Start]
&&&system32\drivers\aw_host5.sys&&Symantec Corporation&
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start]
&&&system32\DRIVERS\b57xp32.sys&&Broadcom Corporation&
[Broadcom 802.11 网络适配器驱动程序 / BCM43XX][Stopped/Manual Start]
&&&system32\DRIVERS\bcmwl5.sys&&Broadcom Corporation&
[ClntMgmt.sys / ClntMgmt.sys][Running/System Start]
&&&\SystemRoot\System32\Drivers\ClntMgmt.sys&&Hewlett-Packard&
[drvmcdb / drvmcdb][Running/Boot Start]
&&&\SystemRoot\system32\drivers\drvmcdb.sys&&Sonic Solutions&
[drvnddm / drvnddm][Running/Auto Start]
&&&system32\drivers\drvnddm.sys&&Sonic Solutions&
[eabfiltr / eabfiltr][Running/System Start]
&&&\??\C:\WINDOWS\system32\drivers\EABFiltr.sys&&Hewlett-Packard Company&
[eabusb / eabusb][Stopped/Manual Start]
&&&\??\C:\WINDOWS\system32\drivers\eabusb.sys&&Hewlett-Packard Company&
[GTIPCI21 / GTIPCI21][Running/Manual Start]
&&&system32\DRIVERS\gtipci21.sys&&Texas Instruments&
[HUAWEI Mobile Connect - 3G Modem / hwcdcmdm0][Running/Manual Start]
&&&system32\DRIVERS\ewusbmdm.sys&&QUALCOMM Incorporated&
[HUAWEI Mobile Connect - 3G Application Interface / hwusbser][Running/Manual Start]
&&&system32\DRIVERS\ewusbser.sys&&QUALCOMM Incorporated&
[ialm / ialm][Running/Manual Start]
&&&system32\DRIVERS\ialmnt5.sys&&Intel Corporation&
[kl1 / kl1][Running/Boot Start]
&&&\SystemRoot\system32\drivers\kl1.sys&&Kaspersky Lab&
[klif / klif][Running/System Start]
&&&\??\C:\WINDOWS\system32\drivers\klif.sys&&Kaspersky Lab&
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
&&&system32\DRIVERS\ptilink.sys&&Parallel Technologies, Inc.&
[PxHelp20 / PxHelp20][Running/Boot Start]
&&&\SystemRoot\System32\Drivers\PxHelp20.sys&&Sonic Solutions&
[Secdrv / Secdrv][Stopped/Manual Start]
&&&system32\DRIVERS\secdrv.sys&&N/A&
[SMSC IrCC Miniport Device Driver / SMCIRDA][Running/Manual Start]
&&&system32\DRIVERS\smcirda.sys&&SMSC&
[smwdm / smwdm][Running/Manual Start]
&&&system32\drivers\smwdm.sys&&Analog Devices, Inc.&
[sscdbhk5 / sscdbhk5][Running/System Start]
&&&system32\drivers\sscdbhk5.sys&&Sonic Solutions&
[ssrtln / ssrtln][Running/System Start]
&&&system32\drivers\ssrtln.sys&&Sonic Solutions&
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
&&&system32\DRIVERS\SynTP.sys&&Synaptics, Inc.&
[tfsnboio / tfsnboio][Running/Auto Start]
&&&system32\dla\tfsnboio.sys&&Sonic Solutions&
[tfsncofs / tfsncofs][Running/Auto Start]
&&&system32\dla\tfsncofs.sys&&Sonic Solutions&
[tfsndrct / tfsndrct][Running/Auto Start]
&&&system32\dla\tfsndrct.sys&&Sonic Solutions&
[tfsndres / tfsndres][Running/Auto Start]
&&&system32\dla\tfsndres.sys&&Sonic Solutions&
[tfsnifs / tfsnifs][Running/Auto Start]
&&&system32\dla\tfsnifs.sys&&Sonic Solutions&
[tfsnopio / tfsnopio][Running/Auto Start]
&&&system32\dla\tfsnopio.sys&&Sonic Solutions&
[tfsnpool / tfsnpool][Running/Auto Start]
&&&system32\dla\tfsnpool.sys&&Sonic Solutions&
[tfsnudf / tfsnudf][Running/Auto Start]
&&&system32\dla\tfsnudf.sys&&Sonic Solutions&
[tfsnudfa / tfsnudfa][Running/Auto Start]
&&&system32\dla\tfsnudfa.sys&&Sonic Solutions&
[tifm21 / tifm21][Running/Manual Start]
&&&system32\drivers\tifm21.sys&&Texas Instruments&
==================================
浏览器加载项
[AcroIEHlprObj Class]
&&{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} &C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated&
[DriveLetterAccess]
&&{5CA3D70E-1895-11CF-8E15-} &C:\WINDOWS\system32\dla\tfswshx.dll, Sonic Solutions&
[NavigatMon Class]
&&{B69F34DD-F0F9-42DC-9EDD-8D} &D:\Program Files\360safe\safemon\safemon.dll, &
[Java Plug-in 1.5.0]
&&{08B0E5C0-4FCB-11CF-AAA5-} &C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll, Sun Microsystems, Inc.&
[Web反病毒统计]
&&{1FA94-4D71-9CA3-AA4ACF32ED8E} &C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab&
[信息检索(&R)]
&&{CC-41C8-B9BE-3C9C571A8263} &C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation&
&&{c95fe080-8f5d-11d2-a20b-00aa003c157b} &d:\Program Files\Tencent\QQ\QQ.EXE, TENCENT&
[Messenger]
&&{FB5Fd2-BB9E-00C04F795683} &C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation&
[金山快译(&K)]
&&{6CFEF-4cd4-B654-D3AE55B4128C} &D:\Program Files\FastAIT 2006\IEBand.dll, 金山软件股份有限公司&
[Download Class]
&&{0EA2D6B1-088F-4AF1-B4B7-9F} &C:\WINDOWS\Downloaded Program Files\SPDownload.dll, Eastman Kodak Company&
[DV8150_Densi.DV8150_DensiOcx]
&&{-3C21-4F64-9E0D-D} &C:\WINDOWS\Downloaded Program Files\DV8150_Densi.ocx, Health Imaging Division, Eastman Kodak&
[DV8150_SenState.DV8150_SenStateOcx]
&&{44BA68CA--BD2B-8B30A9FD7F6A} &C:\WINDOWS\Downloaded Program Files\DV8150_SenState.ocx, Health Imaging Division, Eastman Kodak&
[Windows Live Safety Center Base Module]
&&{5EDB-4DA9-BF44-BE107C0EC166} &C:\WINDOWS\Downloaded Program Files\wlscBase.dll, Microsoft Corporation&
[WUWebControl Class]
&&{6414512B-B978-451D-A0D8-FCFDF33E833C} &C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation&
[Java Plug-in 1.5.0]
&&{8AD9C840-044E-11D1-B3E9-} &C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll, Sun Microsystems, Inc.&
[ClientScript Class]
&&{B010C5E3-D2CB-479E-BEFD-D39ABAC6BDDA} &C:\WINDOWS\Downloaded Program Files\OcxClientScript.dll, Eastman Kodak Company&
[Tencent Safety Online Base Module]
&&{C09B522F-8AED-4E21-A65C-DC1AB652BAEE} &C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation&
[Java Plug-in 1.5.0]
&&{CAFEEFAC-00-ABCDEFFEDCBA} &C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll, Sun Microsystems, Inc.&
[Shockwave Flash Object]
&&{D27CDB6E-AE6D-11CF-96B8-} &C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.&
[AcroIEHlprObj Class]
&&{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} &C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated&
[Download Class]
&&{0EA2D6B1-088F-4AF1-B4B7-9F} &C:\WINDOWS\Downloaded Program Files\SPDownload.dll, Eastman Kodak Company&
[Windows Genuine Advantage Validation Tool]
&&{A-453E-A040-C7C580BBF700} &C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation&
[HTML Document]
&&{F9-11CF-8FD0-00AA00686F13} &%SystemRoot%\system32\mshtml.dll, N/A&
[Microsoft Licensed Class Manager 1.0]
&&{D-11CF-B347-00AA00A28331} &C:\WINDOWS\system32\licmgr10.dll, Microsoft Corporation&
[DriveLetterAccess]
&&{5CA3D70E-1895-11CF-8E15-} &C:\WINDOWS\system32\dla\tfswshx.dll, Sonic Solutions&
[Windows Live Safety Center Base Module]
&&{5EDB-4DA9-BF44-BE107C0EC166} &C:\WINDOWS\Downloaded Program Files\wlscBase.dll, Microsoft Corporation&
[WUWebControl Class]
&&{6414512B-B978-451D-A0D8-FCFDF33E833C} &C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation&
[Windows Media Player]
&&{6BF52A52-394A-11D3-B153-00C04F79FAA6} &C:\WINDOWS\system32\wmp.dll, Microsoft Corporation&
[金山快译(&K)]
&&{6CFEF-4CD4-B654-D3AE55B4128C} &D:\Program Files\FastAIT 2006\IEBand.dll, 金山软件股份有限公司&
[Windows Live Safety Center Control Module]
&&{8E5C8BEE-AC9-7C} &C:\Program Files\Windows Live Safety Center\wlscCtrl.dll, Microsoft Corporation&
[SearchAssistantOC]
&&{B45FF030--85DE-00C04FA35C89} &%SystemRoot%\system32\shdocvw.dll, N/A&
[NavigatMon Class]
&&{B69F34DD-F0F9-42DC-9EDD-8D} &D:\Program Files\360safe\safemon\safemon.dll, &
[Tencent Safety Online Base Module]
&&{C09B522F-8AED-4E21-A65C-DC1AB652BAEE} &C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation&
[Shockwave Flash Object]
&&{D27CDB6E-AE6D-11CF-96B8-} &C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.&
[Microsoft Common Dialog Control, version 6.0]
&&{FF2-101A-A3C9-FB} &C:\WINDOWS\system32\comdlg32.ocx, Microsoft Corporation&
[上传到QQ网络硬盘]
&&&D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A&
[导出到 Microsoft Office Excel(&X)]
&&&res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A&
[添加到QQ自定义面板]
&&&D:\Program Files\Tencent\QQ\AddPanel.htm, N/A&
[添加到QQ表情]
&&&D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A&
[添加到反广告黑名单]
&&&C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm, N/A&
[用QQ彩信发送该图片]
&&&D:\Program Files\Tencent\QQ\SendMMS.htm, N/A&
==================================
[ 本帖最后由 weijieM 于
10:30 编辑 ]
正在运行的进程
[PID: 644][\SystemRoot\System32\smss.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 748][\??\C:\WINDOWS\system32\csrss.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 508][C:\WINDOWS\Explorer.EXE]&&[Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
& & [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scrchpg.dll]&&[Kaspersky Lab, 6.0.2.621]
& & [D:\Program Files\360safe\safemon\safemon.dll]&&[, 3, 4, 0, 1001]
& & [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]&&[Kaspersky Lab, 6.0.2.621]
& & [C:\WINDOWS\system32\igfxpph.dll]&&[Intel Corporation, 3.0.0.4308]
& & [C:\WINDOWS\system32\hccutils.DLL]&&[Intel Corporation, 3.0.0.4308]
& & [C:\WINDOWS\system32\igfxres.dll]&&[Intel Corporation, 3.0.0.4308]
& & [C:\WINDOWS\system32\igfxress.dll]&&[Intel Corporation, 3.0.0.4308]
& & [C:\WINDOWS\system32\igfxsrvc.dll]&&[Intel Corporation, 3.0.0.4308]
& & [C:\Program Files\Sonic\RecordNow!\shlext.dll]&&[, 7.0.0.0]
& & [C:\Program Files\Sonic\RecordNow!\MSVCR70.dll]&&[Microsoft Corporation, 7.00.9466.0]
& & [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]&&[Adobe Systems Incorporated, 7.0.0.]
& & [C:\WINDOWS\system32\MSVCR71.dll]&&[Microsoft Corporation, 7.10.3052.4]
[PID: 1144][C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe]&&[Analog Devices, Inc., 5, 0, 2, 2]
& & [D:\Program Files\360safe\safemon\safemon.dll]&&[, 3, 4, 0, 1001]
[PID: 1616][C:\WINDOWS\AGRSMMSG.exe]&&[Agere Systems, 2.1.51 2.1.51 03/04/:54]
[PID: 1668][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe]&&[Synaptics, Inc., 8.0.13 17Jun05]
& & [C:\WINDOWS\system32\igfxsrvc.dll]&&[Intel Corporation, 3.0.0.4308]
& & [D:\Program Files\360safe\safemon\safemon.dll]&&[, 3, 4, 0, 1001]
& & [C:\WINDOWS\system32\igfxres.dll]&&[Intel Corporation, 3.0.0.4308]
[PID: 2072][C:\WINDOWS\system32\igfxpers.exe]&&[Intel Corporation, 3.0.0.4308]
& & [C:\WINDOWS\system32\igfxsrvc.dll]&&[Intel Corporation, 3.0.0.4308]
& & [D:\Program Files\360safe\safemon\safemon.dll]&&[, 3, 4, 0, 1001]
[PID: 2104][C:\WINDOWS\system32\dla\tfswctrl.exe]&&[Sonic Solutions, 1.04.08a]
& & [C:\WINDOWS\system32\tfswapi.dll]&&[Sonic Solutions, 1.04.08a]
& & [C:\WINDOWS\system32\dla\tfswcres.dll]&&[Sonic Solutions, 1.04.08a]
& & [D:\Program Files\360safe\safemon\safemon.dll]&&[, 3, 4, 0, 1001]
[PID: 2132][D:\Program Files\360safe\safemon\360Tray.exe]&&[奇虎网, 3, 4, 0, 1001]
& & [D:\Program Files\360safe\safemon\safemon.dll]&&[, 3, 4, 0, 1001]
& & [D:\Program Files\360safe\safemon\SafeKrnl.dll]&&[奇虎网, 3, 4, 0, 1001]
& & [D:\Program Files\360safe\AntiAdwa.dll]&&[, 3, 4, 0, 1001]
& & [D:\Program Files\360safe\live.dll]&&[, 1, 0, 1, 1015]
& & [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]&&[Kaspersky Lab, 6.0.2.621]
& & [D:\Program Files\360safe\safemon\safemon.dll]&&[, 3, 4, 0, 1001]
[PID: 3680][C:\Program Files\Huawei technologies\HUAWEI Mobile Connect\HUAWEIDataCard.exe]&&[HUAWEI Technologies Co., Ltd., HOST08.25.01.100.1212]
& & [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll]&&[Kaspersky Lab, 6.0.2.621]
& & [D:\Program Files\360safe\safemon\safemon.dll]&&[, 3, 4, 0, 1001]
& & [C:\Program Files\Huawei technologies\HUAWEI Mobile Connect\HostAPI.dll]&&[N/A, ]
& & [C:\PROGRA~1\KASPER~1\KASPER~1.0\prremote.dll]&&[Kaspersky Lab, 6.0.2.621]
& & [C:\PROGRA~1\KASPER~1\KASPER~1.0\MSVCP80.dll]&&[Microsoft Corporation, 8.00.50727.42]
& & [C:\PROGRA~1\KASPER~1\KASPER~1.0\MSVCR80.dll]&&[Microsoft Corporation, 8.00.50727.42]
& & [C:\PROGRA~1\KASPER~1\KASPER~1.0\prloader.dll]&&[Kaspersky Lab, 6.0.2.621]
& & [C:\PROGRA~1\KASPER~1\KASPER~1.0\prkernel.ppl]&&[Kaspersky Lab, 6.0.2.621]
& & [c:\progra~1\kasper~1\kasper~1.0\params.ppl]&&[Kaspersky Lab, 6.0.2.621]
[PID: 4024][D:\Program Files\Tencent\QQ\QQ.exe]&&[TENCENT, 0, 0, 0, 0]
& & [D:\Program Files\Tencent\QQ\QQBaseClassInDll.dll]&&[, 1, 0, 0, 1]
& & [D:\Program Files\Tencent\QQ\QQHelperDll.dll]&&[, 1, 0, 0, 1]
& & [D:\Program Files\Tencent\QQ\BasicCtrlDll.dll]&&[Tencent, 6, 0, 200, 320]
& & [D:\Program Files\Tencent\QQ\MFC42.DLL]&&[Microsoft Corporation, 6.00.8665.0]
& & [D:\Program Files\360safe\safemon\safemon.dll]&&[, 3, 4, 0, 1001]
& & [D:\Program Files\Tencent\QQ\RICHED32.DLL]&&[Microsoft Corporation, 5.00.2134.1]
& & [D:\Program Files\Tencent\QQ\RICHED20.dll]&&[Microsoft Corporation, 5.31.23.1218]
& & [D:\Program Files\Tencent\QQ\QQAPI.dll]&&[, 1, 0, 0, 1]
& & [d:\Program Files\Tencent\QQ\TIMProxy.dll]&&[tencent, 0, 3, 2, 4]
& & [D:\Program Files\Tencent\QQ\LoginCtrl.dll]&&[, 1, 0, 0, 1]
& & [D:\Program Files\Tencent\QQ\QQRes.dll]&&[tencent, 1, 0, 0, 1]
& & [D:\Program Files\Tencent\QQ\QQMainFrame.dll]&&[N/A, ]
& & [D:\Program Files\Tencent\QQ\CQQApplication.dll]&&[N/A, ]
& & [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]&&[Kaspersky Lab, 6.0.2.621]
& & [D:\Program Files\Tencent\QQ\NewSkin.dll]&&[, 1, 0, 0, 1]
& & [D:\Program Files\Tencent\QQ\HostingMgr.dll]&&[, 1, 0, 0, 1]
& & [D:\Program Files\Tencent\QQ\CameraDll.dll]&&[, 1, 0, 0, 1]
& & [D:\Program Files\Tencent\QQ\MailSummary.dll]&&[, 1, 0, 0, 1]
& & [D:\Program Files\Tencent\QQ\QQKnowledgeSearch.dll]&&[, 1, 0, 0, 1]
& & [D:\Program Files\Tencent\QQ\QQAllInOne.dll]&&[N/A, ]
& & [D:\Program Files\Tencent\QQ\GroupLive.dll]&&[N/A, ]
& & [D:\Program Files\Tencent\QQ\SCCore.dll]&&[TENCENT, 2, 0, 0, 1]
& & [D:\Program Files\Tencent\QQ\gdiplus.dll]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [D:\Program Files\Tencent\QQ\QQSpace.dll]&&[, 1, 0, 0, 1]
& & [D:\Program Files\Tencent\QQ\vbscript.dll]&&[Microsoft Corporation, 5.6.0.7426]
& & [C:\WINDOWS\system32\msdmo.dll]&&[, ]
& & [D:\Program Files\Tencent\QQ\QQGroupMng.dll]&&[, 1, 0, 0, 1]
& & [D:\Program Files\Tencent\QQ\QQSysMsgMng.dll]&&[N/A, ]
& & [D:\Program Files\Tencent\QQ\UserDefinedHead.dll]&&[, 1, 0, 0, 1]
& & [D:\Program Files\Tencent\QQ\QQPlugin.dll]&&[N/A, ]
& & [D:\Program Files\Tencent\QQ\QQConfigPlugin.dll]&&[, 1, 0, 0, 1]
& & [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scrchpg.dll]&&[Kaspersky Lab, 6.0.2.621]
& & [D:\Program Files\Tencent\QQ\QRingMng.dll]&&[N/A, ]
& & [D:\Program Files\Tencent\QQ\QQAvatar.dll]&&[N/A, ]
& & [D:\Program Files\Tencent\QQ\FlashAvatarDll.dll]&&[, 1, 4, 0, 1]
& & [D:\Program Files\Tencent\QQ\LongConnection.dll]&&[tencent, 5, 0, 200, 160]
& & [D:\Program Files\Tencent\QQ\PhoneAPI.dll]&&[, 1, 0, 0, 1]
& & [D:\Program Files\Tencent\QQ\DialerAllinOne.dll]&&[tencent, 1, 4, 0, 0]
& & [D:\Program Files\Tencent\QQ\QQPet.dll]&&[, 1, 0, 0, 1]
& & [D:\Program Files\Tencent\QQ\BQQApplication.dll]&&[N/A, ]
& & [D:\Program Files\Tencent\QQ\CommercesMng.dll]&&[, 1, 0, 0, 1]
& & [D:\Program Files\Tencent\QQ\PersonalDesktop.dll]&&[深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
& & [D:\Program Files\Tencent\QQ\QQAddr.dll]&&[深圳市腾讯计算机系统有限公司, 5, 0, 101, 271]
& & [D:\Program Files\Tencent\QQ\npkcntc.dll]&&[INCA Internet Co., Ltd., , 1]
& & [D:\Program Files\Tencent\QQ\npkpdb.dll]&&[INCA Internet Co., Ltd., , 1]
& & [D:\Program Files\Tencent\QQ\QQSceneMng.dll]&&[N/A, ]
& & [D:\Program Files\Tencent\QQ\QQPhoneHelper.dll]&&[腾讯科技(深圳)有限公司, 2, 1, 9, 92]
[PID: 2648][d:\Program Files\Tencent\QQ\TIMPlatform.exe]&&[tencent, 0, 3, 1, 8]
& & [D:\Program Files\360safe\safemon\safemon.dll]&&[, 3, 4, 0, 1001]
& & [d:\Program Files\Tencent\QQ\TIMProxy.dll]&&[tencent, 0, 3, 2, 4]
[PID: 1308][C:\Program Files\Internet Explorer\iexplore.exe]&&[Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
& & [D:\Program Files\360safe\safemon\safemon.dll]&&[, 3, 4, 0, 1001]
& & [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scrchpg.dll]&&[Kaspersky Lab, 6.0.2.621]
& & [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]&&[Adobe Systems Incorporated, 7.0.0.]
& & [C:\WINDOWS\system32\MSVCR71.dll]&&[Microsoft Corporation, 7.10.3052.4]
& & [C:\WINDOWS\system32\dla\tfswshx.dll]&&[Sonic Solutions, 1.04.08a]
& & [C:\WINDOWS\system32\tfswapi.dll]&&[Sonic Solutions, 1.04.08a]
& & [C:\WINDOWS\system32\dla\tfswcres.dll]&&[Sonic Solutions, 1.04.08a]
& & [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]&&[Adobe Systems, Inc., 7.0.0.0]
& & [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]&&[Kaspersky Lab, 6.0.2.621]
& & [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll]&&[Kaspersky Lab, 6.0.2.621]
& & [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\MSVCR80.dll]&&[Microsoft Corporation, 8.00.50727.42]
& & [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prremote.dll]&&[Kaspersky Lab, 6.0.2.621]
& & [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\MSVCP80.dll]&&[Microsoft Corporation, 8.00.50727.42]
& & [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]&&[Kaspersky Lab, 6.0.2.621]
& & [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl]&&[Kaspersky Lab, 6.0.2.621]
& & [c:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl]&&[Kaspersky Lab, 6.0.2.621]
& & [c:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl]&&[Kaspersky Lab, 6.0.2.621]
& & [c:\program files\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl]&&[Kaspersky Lab, 6.0.2.621]
& & [c:\program files\kaspersky lab\kaspersky internet security 6.0\nfio.ppl]&&[Kaspersky Lab, 6.0.2.621]
& & [c:\program files\kaspersky lab\kaspersky internet security 6.0\fsdrvplgn.ppl]&&[Kaspersky Lab, 6.0.2.621]
& & [c:\program files\kaspersky lab\kaspersky internet security 6.0\basegui.ppl]&&[Kaspersky Lab, 6.0.2.621]
& & [c:\program files\kaspersky lab\kaspersky internet security 6.0\thpimpl.ppl]&&[Kaspersky Lab, 6.0.2.621]
& & [c:\program files\kaspersky lab\kaspersky internet security 6.0\FSSync.dll]&&[Kaspersky Lab, 6.0.5.621]
& & [c:\program files\kaspersky lab\kaspersky internet security 6.0\winreg.ppl]&&[Kaspersky Lab, 6.0.2.621]
[PID: 3328][F:\反病毒木马工具\sreng2\SREng.EXE]&&[Smallfrogs Studio, 2.4.12.806]
& & [D:\Program Files\360safe\safemon\safemon.dll]&&[, 3, 4, 0, 1001]
& & [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]&&[Kaspersky Lab, 6.0.2.621]
==================================
.TXT&&OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE&&OK. [&%1& %*]
.COM&&OK. [&%1& %*]
.PIF&&OK. [&%1& %*]
.REG&&OK. [regedit.exe &%1&]
.BAT&&OK. [&%1& %*]
.SCR&&OK. [&%1& /S]
.CHM&&OK. [&C:\WINDOWS\hh.exe& %1]
.HLP&&OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI&&OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF&&OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS&&OK. [%SystemRoot%\System32\WScript.exe &%1& %*]
.JS& &OK. [%SystemRoot%\System32\WScript.exe &%1& %*]
.LNK&&OK. [{0-}]
==================================
Winsock 提供者
==================================
Autorun.inf
==================================
HOSTS 文件
127.0.0.1& && & localhost
==================================
RVA&&错误: LoadLibraryA (危险等级: 一般,&&被下面模块所HOOK: Dest Addr: 0xAAE1EAF0)
RVA&&错误: LoadLibraryExA (危险等级: 一般,&&被下面模块所HOOK: Dest Addr: 0xAAE1ECD0)
RVA&&错误: LoadLibraryExW (危险等级: 一般,&&被下面模块所HOOK: Dest Addr: 0xAAE1EE30)
RVA&&错误: LoadLibraryW (危险等级: 一般,&&被下面模块所HOOK: Dest Addr: 0xAAE1EBE0)
入口点错误:CreateProcessA (危险等级: 一般,&&被下面模块所HOOK: D:\Program Files\360safe\safemon\safemon.dll)
入口点错误:CreateProcessW (危险等级: 一般,&&被下面模块所HOOK: D:\Program Files\360safe\safemon\safemon.dll)
RVA&&错误: GetProcAddress (危险等级: 高,&&被下面模块所HOOK: Dest Addr: 0xAAE1EDE0)
==================================
==================================
我看报告的技术不是很好,但预测一下应该没问题....
PS:LZ当我没说,看LX的解答
楼主觉得自己中毒了?
c:\windows\system32\igfxtray.exe
c:\windows\system32\hkcmd.exe
启动项目 -- 注册表之如下项删除:
[IgfxTray]& & &C:\WINDOWS\system32\igfxtray.exe&
[HotKeysCmds]& & &C:\WINDOWS\system32\hkcmd.exe&
你的主板要是集成显卡的话 不要删除!!!记住是集成显卡不必删除!!
其它没什么了!!!
谢谢解答!我的是笔记本。
原帖由 zhaonimm 于
10:06 发表
c:\windows\system32\igfxtray.exe
c:\windows\system32\hkcmd.exe
启动项目 -- 注册表之如下项删除:
[HotKeysCmds]& &
你的主板要是集成显卡的话 不要删除!!!记住是集成显卡不必删除!!
这两个是Intel的显卡文件...
Copyright & KaFan & All Rights Reserved.
Powered by Discuz! X3.1( 苏ICP备号 ) GMT+8,
