打印

[求助] 急!金山毒霸的文件实时防毒,邮件监控,及恶意行为拦截功能被关闭!

酸溜溜227

新兵

积分: 2
威望: 4
元宝: 0
铜钱: 4

1楼大中小发表于 2008-6-25 10:53 只看该作者

急!金山毒霸的文件实时防毒,邮件监控,及恶意行为拦截功能被关闭!

j急!金山毒霸的文件实时防毒,邮件监控,及恶意行为拦截功能被关闭!下面是系统诊断报告,麻烦大家帮我看看!金山清理专家系统诊断报告

该诊断报告由金山清理专家提供 http://www.duba.net
==============================================================

诊断时间:          2008-06-25, 09:43
诊断平台:          Windows 2000 [5.0.2195] Service Pack 4
IE版本:             Internet Explorer V6.0.1106.2800
计算机物理内存:    502(MB)
当前可用内存:       189(MB)
硬盘总大小:       74(GB)
硬盘可用空间:       65(GB)
清理专家版本:       2008.05.30.14
恶意软件库版本:    2008.06.03.1
漏洞库版本:       2008.06.02.1

==============================================================
      App Init DLLs
==============================================================

该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
      [AppInit_DLLs]       <  >

==============================================================
      启动文件夹位置
==============================================================

Common Startup:    C:\Documents and Settings\All Users\「开始」菜单\程序\启动
Startup:          C:\Documents and Settings\yznh\「开始」菜单\程序\启动
Common Startup:    %ALLUSERSPROFILE%\「开始」菜单\程序\启动

==============================================================
      Host File
==============================================================

127.0.0.1    localhost

==============================================================
      驱动程序
==============================================================

该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32

      [msacm.l3acm] [已启用]       <C:\WINNT\system32\l3codeca.acm>

--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

      [KBaseZS] [已禁用]          <\??\C:\Documents and Settings\yznh\Local Settings\Temporary Internet Files\Content.IE5\ID6NXR23\KBaseZS.sys>

==============================================================
      当前进程
==============================================================

名称:    DubaTool_AV_Killer742[1].COM  [已启用]
命令行: "C:\Documents and Settings\yznh\Local Settings\Temporary Internet Files\Content.IE5\ID6NXR23\DubaTool_AV_Killer742[1].COM"
文件路径: C:\Documents and Settings\yznh\Local Settings\Temporary Internet Files\Content.IE5\ID6NXR23\DubaTool_AV_Killer742[1].COM  [文件无法访问]
模块文件: C:\WINNT\system32\ntdll.dll                (Microsoft Corporation)
模块文件: C:\WINNT\system32\KERNEL32.DLL             (Microsoft Corporation)
模块文件: C:\WINNT\system32\ADVAPI32.dll             (Microsoft Corporation)
模块文件: C:\WINNT\system32\RPCRT4.dll                (Microsoft Corporation)
模块文件: C:\WINNT\system32\Secur32.dll                (Microsoft Corporation)
模块文件: C:\WINNT\system32\COMCTL32.dll             (Microsoft Corporation)
模块文件: C:\WINNT\system32\GDI32.dll                (Microsoft Corporation)
模块文件: C:\WINNT\system32\USER32.dll                (Microsoft Corporation)
模块文件: C:\WINNT\system32\comdlg32.dll             (Microsoft Corporation)
模块文件: C:\WINNT\system32\SHLWAPI.DLL                (Microsoft Corporation)
模块文件: C:\WINNT\system32\msvcrt.dll                (Microsoft Corporation)
模块文件: C:\WINNT\system32\SHELL32.DLL                (Microsoft Corporation)
模块文件: C:\WINNT\system32\ole32.dll                (Microsoft Corporation)
模块文件: C:\WINNT\system32\OLEAUT32.dll             (Microsoft Corporation)
模块文件: C:\WINNT\system32\oledlg.dll                (Microsoft Corporation)
模块文件: C:\WINNT\system32\PSAPI.DLL                (Microsoft Corporation)
模块文件: C:\WINNT\system32\VERSION.dll                (Microsoft Corporation)
模块文件: C:\WINNT\system32\LZ32.DLL                   (Microsoft Corporation)
模块文件: C:\WINNT\system32\WININET.dll                (Microsoft Corporation)
模块文件: C:\WINNT\system32\CRYPT32.dll                (Microsoft Corporation)
模块文件: C:\WINNT\system32\MSASN1.dll                (Microsoft Corporation)
模块文件: C:\WINNT\system32\WINSPOOL.DRV             (Microsoft Corporation)
模块文件: C:\WINNT\system32\MPR.DLL                   (Microsoft Corporation)
模块文件: C:\WINNT\system32\IMM32.DLL                (Microsoft Corporation)
模块文件: C:\WINNT\system32\LPK.DLL                   (Microsoft Corporation)
模块文件: C:\WINNT\system32\USP10.dll                (Microsoft Corporation)

TOP

vistalong

爱毒霸社区缉毒队

积分: 2568
威望: 5445
元宝: 5
铜钱: 3413

安全之星勋章周刊评论员

2楼大中小发表于 2008-6-25 12:47 只看该作者

下载sreng：http://www.kztechs.com/sreng/sreng990.zip

解压sreng990.rar-->打开SREngLdr.EXE-->按"确定"两次-->智能扫描-->扫描-->保存报告

保存到桌面
将 SREngLOG.log 中内容完整的复制粘贴到论坛上来(快捷提示：ctrl+a全选，ctrl+c复制,ctrl+v粘贴)，不要修改
如无法运行，请重命名文件夹名和文件名，如abc.exe/abc.com/abc.bat/abc.scr/abc.pif等
注意：扫描前请尽量关闭QQ、游戏、下载工具、媒体播放器等应用程序。

TOP

甜蜜蜜227

新兵

积分: 3
威望: 6
元宝: 0
铜钱: 4

3楼大中小发表于 2008-6-26 16:33 只看该作者

回复 2楼的帖子

复制内容到剪贴板

代码:

2008-06-25,13:06:00



System Repair Engineer 2.6.10.990

Smallfrogs (http://www.KZTechs.com)



Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能



以下内容被选中：

    所有的启动项目（包括注册表、启动文件夹、服务等）

    浏览器加载项

    正在运行的进程（包括进程模块信息）

    文件关联

    Winsock 提供者

    Autorun.inf

    HOSTS 文件

    进程特权扫描





启动项目

注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    <Internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]

    <KavPFW><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPFW32.EXE" -startup>  [(Verified)KINGSOFT CORPORATION]

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]

    <load><>  [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]

    <HotKeysCmds><C:\WINNT\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]

    <Persistence><C:\WINNT\system32\igfxpers.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]

    <RTHDCPL><RTHDCPL.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]

    <Alcmtr><ALCMTR.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]

    <Sursen Live Update><"C:\WINNT\system32\SursenLiveUpdate\LiveUpdate.exe">  [Sursen]

    <TaxKeyManager><C:\Program Files\95599 Certificate Tools\SHANGHAI TAX\TaxKeyManager.exe>  []

    <KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup>  [(Verified)KINGSOFT CORPORATION]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]

    <Userinit><C:\WINNT\system32\userinit.exe>  [(Verified)Microsoft Windows 2000 Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

    <Windows Media Player><C:\WINNT\system32\setup\wmpocm.exe /ShowWMP>  [(Verified)Microsoft Windows 2000 Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]

    <Internet Explorer 访问><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]

    <Outlook Express 访问><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

    <Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\mplayer2.inf,PerUserStub.NT>  [(Verified)Microsoft Windows 2000 Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]

    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]

    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows 2000 Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

    <Microsoft Windows Media Player 7><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub>  []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]

    <Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]

    <CRLUpdate><%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl>  [File is missing]



==================================

启动文件夹

[Microsoft Office]

  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>



==================================

服务

[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]

  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>

[HD_CertService / HD_CertService][Running/Auto Start]

  <C:\Program Files\95599 Certificate Tools\CIDC\HD_CertService.exe><>

[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]

  <"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>

[WMDM PMSP Service / WMDM PMSP Service][Running/Auto Start]

  <C:\WINNT\system32\mspmspsv.exe><Microsoft Corporation>



==================================

驱动程序

CIDCUSB][Stopped/Manual Start]

  <System32\Drivers\cidcusb.sys><CIDC.>

[dmboot / dmboot][Stopped/Disabled]

  <System32\drivers\dmboot.sys><VERITAS Software Corp.>

[Logical Disk Manager Driver / dmio][Running/Boot Start]

  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>

[dmload / dmload][Running/Boot Start]

  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>

[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]

  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>

[ialm / ialm][Running/Manual Start]

  <system32\DRIVERS\igxpmp32.sys><Intel Corporation>

[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]

  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>

[KAVBase / KAVBase][Running/Auto Start]

  <\??\C:\WINNT\system32\Drivers\KAVBase.sys><Kingsoft Corporation>

[KAVBootC / KAVBootC][Running/Boot Start]

  <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>

[KAVSafe / KAVSafe][Running/Auto Start]

  <\??\C:\WINNT\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>

[KNetWch / KNetWch][Running/System Start]

  <\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>

[KWatch3 / KWatch3][Running/Auto Start]

  <\??\C:\WINNT\system32\Drivers\KWatch3.sys><Kingsoft Corporation>

[Direct Parallel Link Driver / Ptilink][Running/Manual Start]

  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>

[Realtek 10/100/1000 PCI NIC Family NDIS NT Driver / RTL8023][Running/Manual Start]

  <system32\DRIVERS\Rtnic.sys><Realtek Semiconductor Corporation>

[KBaseZS / KBaseZS][Running/Disabled]

  <\??\C:\Documents and Settings\yznh\Local Settings\Temporary Internet Files\Content.IE5\ID6NXR23\KBaseZS.sys><N/A>



==================================

浏览器加载项

[QQCycloneHelper Class]

  {00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper02.dll, 腾讯公司>

[kingsoft browser shield]

  {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>

[IEBuddyExtControl Class]

  {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>

[@shdoclc.dll,-866]

  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>

[@msdxmLC.dll,-1@2052,电台(&R)]

  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>

[EditCtrl Class]

  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINNT\system32\aliedit\aliedit.dll, >

[WUWebControl Class]

  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINNT\system32\wuweb.dll, Microsoft Corporation>

[CCtInf Class]

  {6DBB2904-082D-4DB0-944A-21C22BA121F4} <C:\WINNT\system32\BANKCE~1.DLL, >

[Shockwave Flash Object]

  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>

[PasswordEditCtrl Class]

  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINNT\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>

[&使用超级旋风下载]

  <C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>

[&使用超级旋风下载全部链接]

  <C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>

[添加到QQ表情]

  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>



==================================

正在运行的进程

[PID: 204][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]

[PID: 236][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]

[PID: 232][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]

    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]

    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]

[PID: 284][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]

    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]

[PID: 296][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]

[PID: 496][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]

[PID: 524][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]

    [C:\WINNT\system32\HPBMMON.DLL]  [Hewlett-Packard, 10.00.14]

    [C:\WINNT\system32\hpdomon.dll]  [Hewlett-Packard, 03.42.00]

    [C:\WINNT\system32\HPBHealr.dll]  [N/A, ]

    [C:\Program Files\Network Print Monitor\Driver.DLL]  [, 4, 3, 23, 1]

[PID: 556][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]

    [C:\WINNT\system32\unimdm.tsp]  [Microsoft Corporation, 5.00.2195.6601]

    [C:\WINNT\system32\kmddsp.tsp]  [Microsoft Corporation, 5.00.2150.1]

    [C:\WINNT\system32\ndptsp.tsp]  [Microsoft Corporation, 5.00.2143.1]

    [C:\WINNT\system32\ipconf.tsp]  [Microsoft Corporation, 5.00.2143.1]

    [C:\WINNT\system32\h323.tsp]  [Microsoft Corporation, 5.00.2195.6901]

[PID: 572][C:\Program Files\95599 Certificate Tools\CIDC\HD_CertService.exe]  [, 1, 0, 0, 4]

[PID: 584][C:\WINNT\system32\hidserv.exe]  [Microsoft Corporation, 5.00.2195.6655]

[PID: 628][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]

[PID: 648][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6972]

[PID: 712][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]

[PID: 748][C:\WINNT\system32\mspmspsv.exe]  [Microsoft Corporation, 7.10.00.3059]

[PID: 760][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]

    [C:\WINNT\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]

[PID: 896][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]

    [C:\WINNT\AppPatch\AcLayers.DLL]  [Microsoft Corporation, 5.00.2195.6717]

    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]

    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,02,5]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,04,22,364]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]

    [C:\WINNT\system32\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]

    [C:\WINNT\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.4642]

    [C:\WINNT\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4642]

    [C:\WINNT\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4642]

    [C:\WINNT\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4642]

    [C:\WINNT\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4642]

[PID: 1040][C:\WINNT\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.4642]

    [C:\WINNT\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4642]

    [C:\WINNT\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4642]

    [C:\WINNT\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4642]

[PID: 1076][C:\WINNT\system32\igfxpers.exe]  [Intel Corporation, 3.0.0.4642]

    [C:\WINNT\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4642]

[PID: 1092][C:\WINNT\RTHDCPL.EXE]  [Realtek Semiconductor Corp., 2.1.3.9]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,02,5]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,04,22,364]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]

    [C:\WINNT\system32\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]

    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]

    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]

[PID: 1140][C:\WINNT\system32\SursenLiveUpdate\LiveUpdate.exe]  [Sursen, 1,0,1026,12276]

    [C:\WINNT\system32\SursenLiveUpdate\LiveUpdate.dll]  [Sursen, 1,0,1026,12276]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,02,5]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,04,22,364]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]

    [C:\WINNT\system32\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]

[PID: 1104][C:\Program Files\95599 Certificate Tools\SHANGHAI TAX\TaxKeyManager.exe]  [, 2, 2, 0, 1]

[PID: 1168][C:\Program Files\95599 Certificate Tools\CIDC\RegCertTool.exe]  [CIDC, 1, 0, 0, 12]

    [C:\WINNT\system32\HDIFD20B.dll]  [CIDC., 1, 0, 17, 29]

[PID: 1200][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,02,5]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,04,22,364]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]

    [C:\WINNT\system32\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]

[PID: 1468][C:\WINNT\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]

    [C:\WINNT\system32\wucltui.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,02,5]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,04,22,364]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]

    [C:\WINNT\system32\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]

    [C:\WINNT\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]

    [C:\WINNT\system32\wucltui.dll.mui]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]

[PID: 920][C:\WINNT\system32\conime.exe]  [Microsoft Corporation, 5.00.2195.6655]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,02,5]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,04,22,364]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]

    [C:\WINNT\system32\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]

[PID: 1424][C:\Program Files\SogouInput\PinyinUp.exe]  [N/A, ]

    [C:\Program Files\SogouInput\HWSignature.dll]  [N/A, ]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,02,5]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,04,22,364]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]

    [C:\WINNT\system32\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]

[PID: 1548][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,02,5]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,04,22,364]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]

    [C:\WINNT\system32\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]

    [C:\Program Files\Tencent\QQDownload\QQIEHelper02.dll]  [腾讯公司, 1, 1, 0, 5]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL]  [Kingsoft Corporation, 2008,04,15,2]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll]  [Kingsoft Corporation, 2008,04,15,2]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL]  [Kingsoft Corporation, 2008,05,26,109]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll]  [Kingsoft Corporation, 2008,04,15,2]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL]  [Kingsoft Corporation, 2008,05,26,109]

    [C:\WINNT\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]

    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]

    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]

    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]

[PID: 2896][C:\WINNT\system32\NOTEPAD.EXE]  [Microsoft Corporation, 5.00.2140.1]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,02,5]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,04,22,364]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]

    [C:\WINNT\system32\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]

    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\HPBF252E.DLL]  [Hewlett-Packard Company, 4.20.0.400]

    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\HPBF252G.DLL]  [Hewlett-Packard Company, 4.20.0.400]

[PID: 1016][C:\Program Files\Tencent\QQDownload\QQDownload.exe]  [Tencent Technology (Shenzhen) Company Limited, 1, 8, 201, 201]

    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.02.3104.0]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,02,5]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,04,22,364]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]

    [C:\WINNT\system32\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]

    [C:\Program Files\Tencent\QQDownload\xmain.dll]  [Tencent Technology (Shenzhen) Company Limited, 1, 8, 202, 202]

    [C:\Program Files\Tencent\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]

    [C:\Program Files\Tencent\QQDownload\xcore.dll]  [Tencent Technology(Shenzhen) Company Limited, 2, 1, 101, 90]

    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]

    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]

    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]

[PID: 2976][C:\Program Files\WinRAR\WinRAR.exe]  [Alexander Roshal, 3.42]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,02,5]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,04,22,364]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]

    [C:\WINNT\system32\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]

[PID: 2672][C:\DOCUME~1\yznh\LOCALS~1\Temp\Rar$EX04.281\SREngLdr.EXE]  [Smallfrogs Studio, 2.6.10.990]

[PID: 2836][C:\DOCUME~1\yznh\LOCALS~1\Temp\Rar$EX04.281\SREdc6d9ae.EXE]  [Smallfrogs Studio, 2.6.10.990]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,02,5]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,04,22,364]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]

    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]

    [C:\WINNT\system32\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]

    [C:\WINNT\system32\MSISIP.DLL]  [Microsoft Corporation, 3.1.4000.1823]

    [C:\WINNT\system32\wshCHS.DLL]  [Microsoft Corporation, 5.6.0.6626]



==================================

文件关联

.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]

.EXE  OK. ["%1" %*]

.COM  OK. ["%1" %*]

.PIF  OK. ["%1" %*]

.REG  OK. [regedit.exe "%1"]

.BAT  OK. ["%1" %*]

.SCR  OK. ["%1" /S]

.CHM  Error. ["hh.exe" %1]

.HLP  Error. [winhlp32.exe %1]

.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]

.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]

.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

.LNK  OK. [{00021401-0000-0000-C000-000000000046}]



==================================

Winsock 提供者

N/A



==================================

Autorun.inf

N/A



==================================

HOSTS 文件

127.0.0.1       localhost



==================================

进程特权扫描

特殊特权被允许： SeLoadDriverPrivilege [PID = 572, C:\PROGRAM FILES\95599 CERTIFICATE TOOLS\CIDC\HD_CERTSERVICE.EXE]

特殊特权被允许： SeLoadDriverPrivilege [PID = 748, C:\WINNT\SYSTEM32\MSPMSPSV.EXE]

特殊特权被允许： SeLoadDriverPrivilege [PID = 1140, C:\WINNT\SYSTEM32\SURSENLIVEUPDATE\LIVEUPDATE.EXE]

特殊特权被允许： SeLoadDriverPrivilege [PID = 1104, C:\PROGRAM FILES\95599 CERTIFICATE TOOLS\SHANGHAI TAX\TAXKEYMANAGER.EXE]

特殊特权被允许： SeLoadDriverPrivilege [PID = 1168, C:\PROGRAM FILES\95599 CERTIFICATE TOOLS\CIDC\REGCERTTOOL.EXE]

特殊特权被允许： SeLoadDriverPrivilege [PID = 1016, C:\PROGRAM FILES\TENCENT\QQDOWNLOAD\QQDOWNLOAD.EXE]

特殊特权被允许： SeLoadDriverPrivilege [PID = 2976, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]

特殊特权被允许： SeLoadDriverPrivilege [PID = 2672, C:\DOCUME~1\YZNH\LOCALS~1\TEMP\RAR$EX04.281\SRENGLDR.EXE]



==================================

API HOOK

N/A



==================================

隐藏进程

N/A



==================================

奇怪，我注册的酸溜溜怎么没法发新帖，只好重新注册一个！麻烦你再帮我看看好吗？