Forum: 菜鸟乐园   Title: Help! I think I'm infected; I found an unknown file RES. Brothers and sisters, save me!
Author: mgj456 [mgj456]    Forum user
My machine is a Lenovo running XP. Lately I've noticed that browsing is extremely slow, the machine is quite laggy, and memory usage is extremely high: of the 250 (MB) only a few are left. Many web pages don't load completely, lots of images and the like won't display, and I have to refresh once or many times before they show properly. I looked with ACTIVE PORTS and port 1985 is always open, held by a file called RES; its IP is 611.177.56.131, port 80. And there is a TIME_WAIT connection too; I don't have anything that should be doing that, so why does it keep opening 127.0.0.1?
The details are as follows:
Unknown 0 127.0.0.1 4630 127.0.0.1 2134 TIME_WAIT TCP
System 4 192.168.0.26 138 LISTEN UDP
System 4 192.168.0.26 137 LISTEN UDP
System 4 0.0.0.0 445 LISTEN UDP
System 4 192.168.0.26 139 LISTEN TCP
System 4 0.0.0.0 445 LISTEN TCP
res.exe 344 192.168.100.215 1985 61.177.56.231 80 CLOSE_WAIT TCP C:\WINDOWS\system32\res.exe
iexplore.exe 376 127.0.0.1 1438 LISTEN UDP C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 376 192.168.100.215 2108 222.185.252.147 80 ESTABLISHED TCP C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 376 192.168.100.215 2097 202.107.233.211 80 ESTABLISHED TCP C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 376 192.168.100.215 2085 60.190.28.107 80 CLOSE_WAIT TCP C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 376 192.168.100.215 2084 60.190.28.107 80 CLOSE_WAIT TCP C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 376 192.168.100.215 2083 60.190.28.107 80 CLOSE_WAIT TCP C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 376 192.168.100.215 2082 60.190.28.107 80 CLOSE_WAIT TCP C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 376 192.168.100.215 2081 60.190.28.107 80 CLOSE_WAIT TCP C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 376 192.168.100.215 2080 60.190.28.107 80 CLOSE_WAIT TCP C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 376 192.168.100.215 2079 60.190.28.107 80 CLOSE_WAIT TCP C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 376 192.168.100.215 2078 60.190.28.107 80 CLOSE_WAIT TCP C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 376 192.168.100.215 2077 60.190.28.107 80 CLOSE_WAIT TCP C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 376 192.168.100.215 2076 60.190.28.107 80 CLOSE_WAIT TCP C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 408 127.0.0.1 1764 LISTEN UDP C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 408 192.168.100.215 2147 61.141.32.66 80 ESTABLISHED TCP C:\Program Files\Internet Explorer\iexplore.exe
lsass.exe 728 0.0.0.0 4500 LISTEN UDP C:\WINDOWS\system32\lsass.exe
lsass.exe 728 0.0.0.0 500 LISTEN UDP C:\WINDOWS\system32\lsass.exe
svchost.exe 908 0.0.0.0 3389 LISTEN TCP C:\WINDOWS\system32\svchost.exe
svchost.exe 960 0.0.0.0 135 LISTEN TCP C:\WINDOWS\system32\svchost.exe
svchost.exe 1040 192.168.100.215 123 LISTEN UDP C:\WINDOWS\System32\svchost.exe
svchost.exe 1148 0.0.0.0 1683 LISTEN UDP C:\WINDOWS\system32\svchost.exe
svchost.exe 1148 0.0.0.0 1203 LISTEN UDP C:\WINDOWS\system32\svchost.exe
svchost.exe 1148 0.0.0.0 1025 LISTEN UDP C:\WINDOWS\system32\svchost.exe
alg.exe 1324 127.0.0.1 1047 LISTEN TCP C:\WINDOWS\System32\alg.exe
aspnet_state.exe 1764 127.0.0.1 42424 LISTEN TCP C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
QQ.exe 1896 127.0.0.1 1241 LISTEN UDP C:\Program Files\Tencent\QQ\QQ.exe
QQ.exe 1896 0.0.0.0 6010 LISTEN UDP C:\Program Files\Tencent\QQ\QQ.exe
QQ.exe 1896 0.0.0.0 6009 LISTEN UDP C:\Program Files\Tencent\QQ\QQ.exe
QQ.exe 1896 0.0.0.0 6008 LISTEN UDP C:\Program Files\Tencent\QQ\QQ.exe
QQ.exe 1896 0.0.0.0 6007 LISTEN UDP C:\Program Files\Tencent\QQ\QQ.exe
QQ.exe 1896 0.0.0.0 6006 LISTEN UDP C:\Program Files\Tencent\QQ\QQ.exe
QQ.exe 1896 0.0.0.0 6005 LISTEN UDP C:\Program Files\Tencent\QQ\QQ.exe
QQ.exe 1896 0.0.0.0 6004 LISTEN UDP C:\Program Files\Tencent\QQ\QQ.exe
QQ.exe 1896 0.0.0.0 6003 LISTEN UDP C:\Program Files\Tencent\QQ\QQ.exe
QQ.exe 1896 0.0.0.0 6002 LISTEN UDP C:\Program Files\Tencent\QQ\QQ.exe
QQ.exe 1896 0.0.0.0 6001 LISTEN UDP C:\Program Files\Tencent\QQ\QQ.exe
QQ.exe 1896 0.0.0.0 6000 LISTEN UDP C:\Program Files\Tencent\QQ\QQ.exe
QQ.exe 1896 0.0.0.0 4000 LISTEN UDP C:\Program Files\Tencent\QQ\QQ.exe
Then I used the antivirus bundled with the uninstall software (I only used it because I had no other option; every other antivirus reported no virus). Its results are as follows:
                完美卸载 - 系统检查检测报告!
建议:修复时请按照高手的反馈编号在修复工具中打勾进行修复.

--------------------------系统环境-------------------------
检测日期: 2006-2-22 8:7
Windows: Microsoft Windows XP
ServicePack: Service Pack 2
Update: 2600.xpsp_sp2_gdr.050301-1519
Internet Explorer: 6.0.2900.2180


-----------------------网络基础安全测试--------------------
密码安全检测:已经设置了管理员密码,建议:将密码复杂度和长度提高!
网络漏洞检测:空连接检查安全!

服务名称        是否运行              描述
RemoteRegistry [已停止] [说明:这个服务可能被利用远程操作注册表]
Windows Time  [运行中] [说明:这个服务可能被黑客利用来启动木马]
Telnet        [已停止] [说明:这个服务可能被黑客登录到您计算机]
Messenger      [已停止] [说明:这个服务常被广告商用来发垃圾广告]
Server        [运行中] [说明:如果你的电脑不用局域网中,可以关闭]


-----------------------计算机网络端口----------------------
协议      端口号              端口类型
TCP        135        微软DCE RPC end-point mapper服务
TCP        445        Microsoft-DS
TCP      3389        超级终端
TCP      4630        未知类型
TCP      1047        未知类型
TCP      4630        未知类型
TCP      4630        未知类型
TCP      42424        未知类型
TCP        139        微软Netbios Name服务(用于文件及打印机共享)
TCP      1629        未知类型
TCP      1802        未知类型
TCP      1803        未知类型
TCP      1804        未知类型
TCP      1805        未知类型
TCP      1806        未知类型
TCP      1807        未知类型
TCP      1808        未知类型
TCP      1809        未知类型
TCP      1810        未知类型
TCP      1811        未知类型
TCP      1813        未知类型
TCP      1814        未知类型
TCP      1815        未知类型
TCP      1816        未知类型
TCP      1817        未知类型
TCP      1818        未知类型
TCP      1819        未知类型
TCP      1820        未知类型
TCP      1821        未知类型
TCP      1822        未知类型
TCP      1887        未知类型
TCP        445        公共Internet文件系统(CIFS)
TCP        500        Internet密钥交换
TCP      1025        Maverick's Matrix 1.2 - 2.0
TCP      1203        未知类型
TCP      1683        未知类型
TCP      4000        未知类型
TCP      4500        sae-urn
TCP      6000        未知类型
TCP      6001        未知类型
TCP      6002        未知类型
TCP      6003        未知类型
TCP      6004        未知类型
TCP      6005        未知类型
TCP      6006        未知类型
TCP      6007        未知类型
TCP      6008        未知类型
TCP      6009        未知类型
TCP      6010        未知类型
TCP        123        未知类型
TCP      1241        未知类型
TCP      1438        未知类型
TCP      1764        未知类型
TCP        123        未知类型
TCP        137        未知类型
TCP        138        未知类型
TCP        123        未知类型


--------------------计算机系统组件体检----------------------
[编号:0]
[名称:\SystemRoot\System32\smss.exe]
[类型:运行进程]
[内容:未知]

[编号:1]
[名称:\??\C:\WINDOWS\system32\winlogon.exe]
[类型:运行进程]
[内容:未知]

[编号:2]
[名称:C:\WINDOWS\system32\services.exe]
[类型:运行进程]
[内容:Microsoft(R) Windows(R) Operating System (C) Microsoft Corporation. All rights reserved.]

[编号:3]
[名称:C:\WINDOWS\system32\lsass.exe]
[类型:运行进程]
[内容:Microsoft? Windows? Operating System ? Microsoft Corporation. All rights reserved.]

[编号:4]
[名称:C:\WINDOWS\system32\svchost.exe]
[类型:运行进程]
[内容:Microsoft? Windows? Operating System ? Microsoft Corporation. All rights reserved.]

[编号:5]
[名称:C:\WINDOWS\System32\svchost.exe]
[类型:运行进程]
[内容:Microsoft? Windows? Operating System ? Microsoft Corporation. All rights reserved.]

[编号:6]
[名称:C:\KAV2006\KWatch.EXE]
[类型:运行进程]
[内容:Kingsoft Antivirus Copyright (C) 1998 - 2005 Kingsoft Corporation]

[编号:7]
[名称:C:\WINDOWS\system32\spoolsv.exe]
[类型:运行进程]
[内容:Microsoft? Windows? Operating System ? Microsoft Corporation. All rights reserved.]

[编号:8]
[名称:C:\WINDOWS\system32\ServerNT.EXE]
[类型:运行进程]
[内容:未知]

[编号:9]
[名称:C:\Program Files\Common Files\SAND\client.exe]
[类型:运行进程]
[内容:QQFACE Copyright (C) COMENET TECHNOLOGY 2002-2005]

[编号:10]
[名称:C:\WINDOWS\Explorer.EXE]
[类型:运行进程]
[内容:Microsoft(R) Windows(R) Operating System (C) Microsoft Corporation. All rights reserved.]

[编号:11]
[名称:C:\WINDOWS\SOUNDMAN.EXE]
[类型:运行进程]
[内容:Realtek Sound Manager Copyright (c) 2001-2004 Realtek Semiconductor Corp.]

[编号:12]
[名称:C:\WINDOWS\system32\igfxpers.exe]
[类型:运行进程]
[内容:Intel(R) Common User Interface Copyright 1999-2004, Intel Corporation]

[编号:13]
[名称:C:\KAV2006\KAVStart.exe]
[类型:运行进程]
[内容:Kingsoft Antivirus Copyright (C) 1998 - 2005, Kingsoft Corporation]

[编号:14]
[名称:C:\Program Files\Common Files\Real\Update_OB\realsched.exe]
[类型:运行进程]
[内容:RealPlayer (32-bit)  Copyright ? RealNetworks, Inc. 1995-2004]

[编号:15]
[名称:C:\WINDOWS\system32\ctfmon.exe]
[类型:运行进程]
[内容:Microsoft? Windows? Operating System ? Microsoft Corporation. All rights reserved.]

[编号:16]
[名称:C:\KAV2006\KMailMon.EXE]
[类型:运行进程]
[内容:Kingsoft Antivirus Copyright (C) 1998 - 2005 Kingsoft Corporation]

[编号:17]
[名称:C:\Program Files\Tencent\QQ\QQ.exe]
[类型:运行进程]
[内容:TENCENT QQ Copyright ? 2005]

[编号:18]
[名称:C:\Program Files\Active Ports\aports.exe]
[类型:运行进程]
[内容:Active Ports Copyright ? 2001-2002 SmartLine, Inc.]

[编号:19]
[名称:C:\Program Files\Internet Explorer\iexplore.exe]
[类型:运行进程]
[内容:Microsoft(R) Windows(R) Operating System (C) Microsoft Corporation. All rights reserved.]

[编号:20]
[名称:C:\Program Files\Internet Explorer\iexplore.exe]
[类型:运行进程]
[内容:Microsoft(R) Windows(R) Operating System (C) Microsoft Corporation. All rights reserved.]

[编号:21]
[名称:C:\Program Files\完美卸载V2006\MainCon.exe]
[类型:运行进程]
[内容:MainCon 应用程序 版权所有 (C) 2004]

[编号:22]
[名称:C:\Program Files\完美卸载V2006\SysSec.exe]
[类型:运行进程]
[内容:完美卸载V2006-ChinaHijackThis 版权所有 (C) 2006]

[编号:23]
[分隔符:---------------------------------------------------------------------]

[编号:24]
[名称:C:\KAV2006\KAVIPC2.DLL]
[类型:已加载DLL]
[内容:Kingsoft Antivirus Copyright (C) 1998 - 2004 Kingsoft Corporation]

[编号:25]
[名称:C:\KAV2006\KAEPlat.DLL]
[类型:已加载DLL]
[内容:Kingsoft AntiVirus Engine Copyright (C) Kingsoft Co., Ltd 1998-2003]

[编号:26]
[名称:C:\KAV2006\KAEMem.DAT]
[类型:已加载DLL]
[内容:Kingsoft KAEMem Copyright ? 2004]

[编号:27]
[名称:C:\WINDOWS\system32\UMiscell.dll]
[类型:已加载DLL]
[内容:UMiscell Dynamic Link Library 版权所有 (C) 2000]

[编号:28]
[名称:C:\WINDOWS\system32\sgv.dll]
[类型:已加载DLL]
[内容:M80SGV Dynamic Link Library 版权所有 (C) 2002]

[编号:29]
[名称:C:\WINDOWS\system\Sense3.dll]
[类型:已加载DLL]
[内容:未知]

[编号:30]
[名称:C:\WINDOWS\system32\SecuComm.dll]
[类型:已加载DLL]
[内容:未知]

[编号:31]
[名称:C:\KAV2006\KASocket.dll]
[类型:已加载DLL]
[内容:Kingsoft Antivirus Copyright (C) 1998 - 2004 Kingsoft Corporation]

[编号:32]
[名称:C:\WINDOWS\system32\igfxpph.dll]
[类型:已加载DLL]
[内容:Intel(R) Common User Interface Copyright 1999-2004, Intel Corporation]

[编号:33]
[名称:C:\WINDOWS\system32\hccutils.DLL]
[类型:已加载DLL]
[内容:Intel(R) Common User Interface Copyright 1999-2004, Intel Corporation]

[编号:34]
[名称:C:\WINDOWS\system32\igfxres.dll]
[类型:已加载DLL]
[内容:Intel(R) Common User Interface Copyright 1999-2004, Intel Corporation]

[编号:35]
[名称:C:\WINDOWS\system32\igfxress.dll]
[类型:已加载DLL]
[内容:Intel(R) Common User Interface Copyright 1999-2004, Intel Corporation]

[编号:36]
[名称:C:\WINDOWS\system32\igfxsrvc.dll]
[类型:已加载DLL]
[内容:Intel(R) Common User Interface Copyright 1999-2004, Intel Corporation]

[编号:37]
[名称:C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]
[类型:已加载DLL]
[内容:AcroIEHelper Library Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved.]

[编号:38]
[名称:C:\KAV2006\PopSprt3.dll]
[类型:已加载DLL]
[内容:Kingsoft Antivirus Copyright (C) 1998 - 2005 Kingsoft Corporation]

[编号:39]
[名称:C:\KAV2006\KAVPassp.dll]
[类型:已加载DLL]
[内容:Kingsoft Online Service Copyright(C) 2004-2005 Kingsoft Corporation]

[编号:40]
[名称:C:\KAV2006\KAPlugin.DLL]
[类型:已加载DLL]
[内容:Kingsoft Antivirus Copyright (C) 1998-2004 Kingsoft Corporation]

[编号:41]
[名称:C:\KAV2006\KAntiSpm.dll]
[类型:已加载DLL]
[内容: KAVAntiS Dynamic Link Library Copyright (C) 2004 金山软件股份有限公司]

[编号:42]
[名称:C:\KAV2006\KAECall2.DLL]
[类型:已加载DLL]
[内容:Kingsoft Antivirus Copyright (C) 1998 - 2004 Kingsoft Corporation]

[编号:43]
[名称:C:\KAV2006\KAConfig.DLL]
[类型:已加载DLL]
[内容:Kingsoft Antivirus Copyright (C) 1998 - 2005 Kingsoft Corporation]

[编号:44]
[名称:C:\Program Files\Tencent\QQ\QQBaseClassInDll.dll]
[类型:已加载DLL]
[内容:QQBaseClassInDll Dynamic Link Library 版权所有 (C) 2003]

[编号:45]
[名称:C:\Program Files\Tencent\QQ\QQHelperDll.dll]
[类型:已加载DLL]
[内容:QQHelperDll Dynamic Link Library 版权所有 (C) 2005]

[编号:46]
[名称:C:\Program Files\Tencent\QQ\BasicCtrlDll.dll]
[类型:已加载DLL]
[内容:BasicCtrlDll Dynamic Link Library 版权所有 (C) 2005]

[编号:47]
[名称:C:\Program Files\Tencent\QQ\QQAPI.dll]
[类型:已加载DLL]
[内容:ModuleSample Dynamic Link Library 版权所有 (C) 2002]

[编号:48]
[名称:C:\Program Files\Tencent\QQ\TIMProxy.dll]
[类型:已加载DLL]
[内容:tencent QQMainCreatorProxy Copyright ? 2004]

[编号:49]
[名称:C:\Program Files\Tencent\QQ\LoginCtrl.dll]
[类型:已加载DLL]
[内容:LoginCtrl Dynamic Link Library 版权所有 (C) 2003]

[编号:50]
[名称:C:\Program Files\Tencent\QQ\npkcntc.dll]
[类型:已加载DLL]
[内容:nProtect KeyCrypt Driver Support Dll Copyright (C) INCA Internet. 2000-2005]

[编号:51]
[名称:C:\Program Files\Tencent\QQ\npkpdb.dll]
[类型:已加载DLL]
[内容:nProtect KeyCrypt Program Database DLL Copyright (C) INCA Internet. 2000-2003]

[编号:52]
[名称:C:\Program Files\Tencent\QQ\QQRes.dll]
[类型:已加载DLL]
[内容:tencent QQRes Copyright ? 2005]

[编号:53]
[名称:C:\Program Files\Tencent\QQ\QQMainFrame.dll]
[类型:已加载DLL]
[内容:未知]

[编号:54]
[名称:C:\Program Files\Tencent\QQ\CQQApplication.dll]
[类型:已加载DLL]
[内容:未知]

[编号:55]
[名称:C:\Program Files\Tencent\QQ\NewSkin.dll]
[类型:已加载DLL]
[内容:NewSkin Module Copyright 2003]

[编号:56]
[名称:C:\Program Files\Tencent\QQ\HostingMgr.dll]
[类型:已加载DLL]
[内容:HostingMgr Dynamic Link Library 版权所有 (C) 2005]

[编号:57]
[名称:C:\Program Files\Tencent\QQ\MailSummary.dll]
[类型:已加载DLL]
[内容:MailSummary Dynamic Link Library 版权所有 (C) 2005]

[编号:58]
[名称:C:\Program Files\Tencent\QQ\QQSpace.dll]
[类型:已加载DLL]
[内容:QQSpace Dynamic Link Library 版权所有 (C) 2005]

[编号:59]
[名称:C:\WINDOWS\system32\msdmo.dll]
[类型:已加载DLL]
[内容:(null) (null)]

[编号:60]
[名称:C:\Program Files\Tencent\QQ\QQSysMsgMng.dll]
[类型:已加载DLL]
[内容:未知]

[编号:61]
[名称:C:\Program Files\Tencent\QQ\QQConfigPlugin.dll]
[类型:已加载DLL]
[内容:QQConfigPlugin Dynamic Link Library 版权所有 (C) 2005]

[编号:62]
[名称:C:\Program Files\Tencent\QQ\UserDefinedHead.dll]
[类型:已加载DLL]
[内容:UserDefinedHead Dynamic Link Library 版权所有 (C) 2005]

[编号:63]
[名称:C:\Program Files\Tencent\QQ\QRingMng.dll]
[类型:已加载DLL]
[内容:未知]

[编号:64]
[名称:C:\Program Files\Tencent\QQ\PhoneAPI.dll]
[类型:已加载DLL]
[内容:PhoneAPI Dynamic Link Library 版权所有 (C) 2005]

[编号:65]
[名称:C:\Program Files\Tencent\QQ\DialerAllinOne.dll]
[类型:已加载DLL]
[内容:tencent DialerAllInOne Copyright ? 2005]

[编号:66]
[名称:C:\Program Files\Tencent\QQ\QQAvatar.dll]
[类型:已加载DLL]
[内容:未知]

[编号:67]
[名称:C:\Program Files\Tencent\QQ\FlashAvatarDll.dll]
[类型:已加载DLL]
[内容:FlashAvatarDll Dynamic Link Library 版权所有 (C) 2005]

[编号:68]
[名称:C:\Program Files\Tencent\QQ\LongConnection.dll]
[类型:已加载DLL]
[内容:tencent QQ Platform Copyright ? 2005]

[编号:69]
[名称:C:\Program Files\Tencent\QQ\QQPet.dll]
[类型:已加载DLL]
[内容:QQPet Dynamic Link Library 版权所有 (C) 2005]

[编号:70]
[名称:C:\Program Files\Tencent\QQ\BQQApplication.dll]
[类型:已加载DLL]
[内容:未知]

[编号:71]
[名称:C:\Program Files\Tencent\QQ\QQPlugin.dll]
[类型:已加载DLL]
[内容:未知]

[编号:72]
[名称:C:\Program Files\Tencent\QQ\QQAllInOne.dll]
[类型:已加载DLL]
[内容:未知]

[编号:73]
[名称:C:\Program Files\Tencent\QQ\CameraDll.dll]
[类型:已加载DLL]
[内容:CameraDll Dynamic Link Library 版权所有 (C) 2003]

[编号:74]
[名称:C:\Program Files\Tencent\QQ\SCCore.dll]
[类型:已加载DLL]
[内容:未知]

[编号:75]
[名称:C:\Program Files\Tencent\QQ\CommercesMng.dll]
[类型:已加载DLL]
[内容:CommercesMng Dynamic Link Library 版权所有 (C) 2003]

[编号:76]
[名称:C:\Program Files\Tencent\QQ\PersonalDesktop.dll]
[类型:已加载DLL]
[内容:PersonalDesktop Module 版权所有 (C) 1998-2001  深圳市腾讯计算机系统公司]

[编号:77]
[名称:C:\Program Files\Tencent\QQ\QQAddr.dll]
[类型:已加载DLL]
[内容:腾讯通讯录 版权所有 (C) 2004 深圳市腾讯计算机系统有限公司]

[编号:78]
[名称:C:\Program Files\Tencent\QQ\QQSceneMng.dll]
[类型:已加载DLL]
[内容:未知]

[编号:79]
[名称:C:\Program Files\Tencent\QQ\QQPhoneHelper.dll]
[类型:已加载DLL]
[内容:QQPhoneHelper 腾讯科技(深圳)有限公司 版权所有 (C) 2005]

[编号:80]
[名称:c:\program files\google\googletoolbar2.dll]
[类型:已加载DLL]
[内容:Google Toolbar for IE 版权所有 ?2000-2005]

[编号:81]
[名称:C:\WINDOWS\system32\socul.dll]
[类型:已加载DLL]
[内容:Sogou Express (C) Sohu.com Inc. All rights reserved.]

[编号:82]
[分隔符:---------------------------------------------------------------------]

[编号:83]
[名称:SoundMan]
[类型:开机启动]
[内容:SOUNDMAN.EXE]

[编号:84]
[名称:Persistence]
[类型:开机启动]
[内容:C:\WINDOWS\system32\igfxpers.exe]

[编号:85]
[名称:KavStart]
[类型:开机启动]
[内容:"C:\KAV2006\KAVStart.exe" -startup]

[编号:86]
[名称:Update]
[类型:开机启动]
[内容:C:\WINDOWS\system32\Update.exe]

[编号:87]
[名称:res]
[类型:开机启动]
[内容:C:\WINDOWS\system32\res.exe]

[编号:88]
[名称:TkBellExe]
[类型:开机启动]
[内容:"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot]

[编号:89]
[名称:KernelFaultCheck]
[类型:开机启动]
[内容:%systemroot%\system32\dumprep 0 -k]

[编号:90]
[分隔符:---------------------------------------------------------------------]

[编号:91]
[名称:AFD]
[类型:服务:未知]
[内容:\SystemRoot\System32\drivers\afd.sys]

[编号:92]
[名称:Service for Realtek AC97 Audio (WDM)]
[类型:服务:Windows (R) WDM driver for Realtek AC'97 Audio(HRTF data Copyright 1994 by MIT Media Lab) Copyright (c) Realtek Semiconductor Corp.1998-2005]
[内容:C:\WINDOWS\system32\drivers\alcxwdm.sys]

[编号:93]
[名称:ASP.NET State Service]
[类型:服务:未知]
[内容:C:\WINDOWS\microsoft.net\framework\v1.1.4322\aspnet_state.exe]

[编号:94]
[名称:DCOM Server Process Launcher]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\svchost ]

[编号:95]
[名称:KNetWch]
[类型:服务:Kingsoft Firewall Copyright (C) 2001-2005, Kingsoft Corporation]
[内容:c:\kav2006\knetwch.sys]

[编号:96]
[名称:Kingsoft Personal Firewall Service]
[类型:服务:未知]
[内容:"C:\KAV2006\KPfwSvc.EXE"]

[编号:97]
[名称:KWatch3]
[类型:服务:Kingsoft Antivirus Copyright (C) 2000 - 2004 Kingsoft Corporation]
[内容:c:\windows\system32\drivers\kwatch3.sys]

[编号:98]
[名称:Kingsoft Antivirus KWatch Service]
[类型:服务:Kingsoft Antivirus Copyright (C) 1998 - 2005 Kingsoft Corporation]
[内容:C:\KAV2006\KWatch.EXE]

[编号:99]
[名称:Windows Installer]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\msiexec.exe /V]

[编号:100]
[名称:NetGroup Packet Filter Driver]
[类型:服务:WinPcap Netgroup Packet Filter Driver Copyright ? 1999-2004]
[内容:C:\WINDOWS\system32\drivers\npf.sys]

[编号:101]
[名称:npkcrypt]
[类型:服务:nProtect KeyCrypt Driver Copyright (C) INCA Internet. 2000-2005]
[内容:c:\program files\tencent\qq\npkcrypt.sys]

[编号:102]
[名称:ROCKEYNT]
[类型:服务:ROCKEY Device Driver (C)Copyright FTCX,All Right Reserved! 1999-2000]
[内容:c:\windows\system32\drivers\rockeynt.sys]

[编号:103]
[名称:Remote Packet Capture Protocol v.0 (experimental)]
[类型:服务:未知]
[内容:"%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini"]

[编号:104]
[名称:Remote Procedure Call (RPC)]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\svchost ]

[编号:105]
[名称:Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver]
[类型:服务:Realtek RTL8139 Family Fast Ethernet Adapter Copyright (C) 1994-2003 Realtek Semiconductor Corporation]
[内容:C:\WINDOWS\system32\drivers\rtl8139.sys]

[编号:106]
[名称:Secdrv]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\drivers\secdrv.sys]

[编号:107]
[名称:Sense3]
[类型:服务:SENSE3 Driver for NT (C) 1999-2001 Beijing Senselock co.ltd]
[内容:C:\WINDOWS\system32\drivers\sense3.sys]

[编号:108]
[名称:Sentinel]
[类型:服务:未知]
[内容:\SystemRoot\System32\Drivers\SENTINEL.SYS]

[编号:109]
[名称:Superk53]
[类型:服务:未知]
[内容:\SystemRoot\System32\drivers\superk53.sys]

[编号:110]
[名称:合并报表队列服务]
[类型:服务:  ]
[内容:c:\u8soft\gdp\web\bin\taskservice.exe]

[编号:111]
[名称:Terminal Services]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\svchost ]

[编号:112]
[名称:UFSoft SMS Platform]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\U8SMSSrv.exe]

[编号:113]
[名称:用友U8预警调度服务]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\AlertService.exe]

[编号:114]
[名称:U8管理软件]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\ServerNT.EXE]

[编号:115]
[名称:Windows Print Controller]
[类型:服务:QQFACE Copyright (C) COMENET TECHNOLOGY 2002-2005]
[内容:C:\Program Files\Common Files\SAND\client.exe]

[编号:116]
[名称:WmNdisDrv]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\drivers\wmndisdrv.sys]

[编号:117]
[分隔符:---------------------------------------------------------------------]

[编号:118]
[名称:Start Page]
[类型:IE主页-当前用户]
[内容:about:blank]

[编号:119]
[名称:Search Page]
[类型:IE搜索-当前用户]
[内容:http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch]

[编号:120]
[名称:Start Page]
[类型:IE主页-所有用户]
[内容:about:blank]

[编号:121]
[名称:Search Page]
[类型:IE搜索-所有用户]
[内容:http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch]

[编号:122]
[名称:Default_Page_URL]
[类型:默认IE主页-所有用户]
[内容:http://www.microsoft.com/windows/ie_intl/cn/start/]

[编号:123]
[名称:Default_Search_URL]
[类型:默认IE搜索-所有用户]
[内容:http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch]

[编号:124]
[分隔符:---------------------------------------------------------------------]

[编号:125]
[名称:AcroIEHlprObj Class]
[类型:IE 嵌入对象]
[内容:C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]

[编号:126]
[名称:Google Toolbar Helper]
[类型:IE 嵌入对象]
[内容:c:\program files\google\googletoolbar2.dll]

[编号:127]
[分隔符:---------------------------------------------------------------------]

[编号:128]
[名称:{022C4009-5283-4365-97BF-144054B40E2E}]
[类型:IE 扩展按钮]
[内容:免费精彩视频超流畅在线观看 路径:http://itv.mop.com]

[编号:129]
[名称:{0A155D3C-68E2-4215-A47A-E800A446447A}]
[类型:IE 扩展按钮]
[内容:浩方对战平台 路径:D:\浩方对战平台\GameClient.exe]

[编号:130]
[分隔符:---------------------------------------------------------------------]

[编号:131]
[名称:Google 搜索(&G)]
[类型:IE 右键按钮]
[内容: 路径:nt.e]

[编号:132]
[名称:上传到QQ网络硬盘]
[类型:IE 右键按钮]
[内容: 路径:nt.e]

[编号:133]
[名称:使用网际快车下载]
[类型:IE 右键按钮]
[内容: 路径:nt.e]

[编号:134]
[名称:使用网际快车下载全部链接]
[类型:IE 右键按钮]
[内容: 路径:nt.e]

[编号:135]
[名称:反向链接]
[类型:IE 右键按钮]
[内容: 路径:nt.e]

[编号:136]
[名称:添加到QQ自定义面板]
[类型:IE 右键按钮]
[内容: 路径:nt.e]

[编号:137]
[名称:添加到QQ表情]
[类型:IE 右键按钮]
[内容: 路径:nt.e]

[编号:138]
[名称:用QQ彩信发送该图片]
[类型:IE 右键按钮]
[内容: 路径:nt.e]

[编号:139]
[名称:类似网页]
[类型:IE 右键按钮]
[内容: 路径:nt.e]

[编号:140]
[名称:缓存的网页快照]
[类型:IE 右键按钮]
[内容: 路径:nt.e]

[编号:141]
[名称:翻译英文字词(&T)]
[类型:IE 右键按钮]
[内容: 路径:nt.e]

[编号:142]
[分隔符:---------------------------------------------------------------------]

[编号:143]
[名称:print$]
[类型:共享文件]
[内容:C:\WINDOWS\System32\spool\drivers
]

[编号:144]
[分隔符:---------------------------------------------------------------------]

[编号:145]
[名称:PostBootReminder]
[类型:正常嵌入对象]
[内容:%SystemRoot%\system32\SHELL32.dll]

[编号:146]
[名称:CDBurn]
[类型:正常嵌入对象]
[内容:%SystemRoot%\system32\SHELL32.dll]

[编号:147]
[名称:WebCheck]
[类型:正常嵌入对象]
[内容:%SystemRoot%\system32\webcheck.dll]

[编号:148]
[名称:SysTray]
[类型:正常嵌入对象]
[内容:C:\WINDOWS\system32\stobject.dll]

[编号:149]
[分隔符:---------------------------------------------------------------------]

[编号:150]
[名称:]
[类型:EXE关联]
[内容:"%1" %*]

[编号:151]
[名称:]
[类型:TXT关联]
[内容:%SystemRoot%\system32\NOTEPAD.EXE %1]

[编号:152]
[名称:]
[类型:vbs关联]
[内容:%SystemRoot%\System32\WScript.exe "%1" %*]

[编号:153]
[名称:]
[类型:Js关联]
[内容:%SystemRoot%\System32\WScript.exe "%1" %*]

[编号:154]
[名称:]
[类型:htmlfile关联]
[内容:"C:\Program Files\Internet Explorer\iexplore.exe" -nohome]

[编号:155]
[名称:]
[类型:HTTP协议]
[内容:"C:\Program Files\Internet Explorer\iexplore.exe" -nohome]

[编号:156]
[名称:]
[类型:FTP协议]
[内容:"C:\Program Files\Internet Explorer\iexplore.exe" %1]

[编号:157]
[分隔符:---------------------------------------------------------------------]

[编号:158]
[名称:c:\windows\system32\pbvm60.dll]
[类型:第三方 COM/ActiveX组件]
[内容:U8M Portal OLE Component---发布公司:PowerBuilder/InfoMaker Copyright Sybase Inc. 1991-1998]

[编号:159]
[名称:c:\windows\system32\deskpan.dll]
[类型:第三方 COM/ActiveX组件]
[内容:显示摇曳 CPL 扩展---发布公司:未知]

[编号:160]
[名称:c:\windows\system32\recncl.dll]
[类型:第三方 COM/ActiveX组件]
[内容:Reconciliation interface ProxyStub Factory---发布公司:未知]

[编号:161]
[名称:c:\windows\system32\msir3jp.dll]
[类型:第三方 COM/ActiveX组件]
[内容:Japanese_Default Word Breaker Resources---发布公司:未知]

[编号:162]
[名称:c:\windows\system32\msir3jp.dll]
[类型:第三方 COM/ActiveX组件]
[内容:Japanese_Default Stemmer Resources---发布公司:未知]

[编号:163]
[名称:c:\windows\system32\rtlcpapi.dll]
[类型:第三方 COM/ActiveX组件]
[内容:RtlCP Class---发布公司:RtlCPAPI Module Copyright 2004]

--------------------感谢您关注我的软件---------------------
网站: [URL=http://www.wjfsoft.com ]http://www.wjfsoft.com [/URL]  产品:完美卸载V2006
The output from START is:
进程 PID 内存占用 可执行文件 优先级 页面错误计数 内存占用(峰值) 分页池(峰值) 分页池 非分页池(峰值) 非分页池 页面文件(峰值) 页面文件
闲置 0                     
系统 4 77,824  20 (标准) 5,617 2,568,192           
KAVStart.exe 240 1,007,616 C:\KAV2006\KAVStart.exe 20 (标准) 1,523 4,263,936 36,528 36,128 4,424 4,088 2,072,576 2,064,384
iexplore.exe 408 8,482,816 C:\Program Files\Internet Explorer\iexplore.exe 20 (标准) 22,647 18,878,464 83,216 79,024 28,508 16,712 18,690,048 18,108,416
smss.exe 520 102,400 C:\WINDOWS\\System32\smss.exe 20 (标准)* 218 491,520 13,136 5,196 1,272 640 1,683,456 167,936
aports.exe 528 1,679,360 C:\Program Files\Active Ports\aports.exe 20 (标准) 7,235 7,589,888 53,536 40,572 7,352 4,880 4,452,352 4,263,936
csrss.exe 616 6,467,584 C:\WINDOWS\system32\csrss.exe 20 (标准)* 6,111 6,565,888 92,020 82,936 5,944 5,272 1,904,640 1,892,352
winlogon.exe 656 1,818,624 C:\WINDOWS\system32\winlogon.exe 80 (高)* 6,449 11,771,904 68,604 63,916 49,528 47,144 8,515,584 7,008,256
services.exe 716 2,269,184 C:\WINDOWS\system32\services.exe 20 (标准)* 2,455 6,512,640 39,672 38,256 8,192 7,072 4,673,536 4,517,888
lsass.exe 728 1,093,632 C:\WINDOWS\system32\lsass.exe 20 (标准)* 8,403 8,200,192 43,016 41,248 11,152 8,960 6,397,952 6,266,880
ctfmon.exe 848 1,789,952 C:\WINDOWS\system32\ctfmon.exe 20 (标准) 1,497 5,394,432 38,716 34,184 3,880 3,800 3,407,872 3,059,712
realsched.exe 900 155,648 C:\Program Files\Common Files\Real\Update_OB\realsched.exe 20 (标准) 8,345 3,108,864 40,096 39,696 3,992 3,800 1,175,552 1,159,168
svchost.exe 908 3,342,336 C:\WINDOWS\system32\svchost.exe 20 (标准)* 2,116 7,208,960 44,440 44,208 8,240 7,224 25,952,256 4,964,352
svchost.exe 960 2,281,472 C:\WINDOWS\system32\svchost.exe 20 (标准) 1,699 6,176,768 41,888 41,332 16,032 13,888 3,960,832 3,915,776
SOUNDMAN.EXE 1016 1,359,872 C:\WINDOWS\SOUNDMAN.EXE 20 (标准) 857 3,121,152 34,824 32,420 2,680 2,640 2,084,864 2,084,864
svchost.exe 1040 10,305,536 C:\WINDOWS\System32\svchost.exe 20 (标准)* 10,540 22,622,208 126,212 122,476 74,160 70,872 15,831,040 14,712,832
svchost.exe 1148 2,404,352 C:\WINDOWS\system32\svchost.exe 20 (标准) 1,498 5,455,872 35,648 31,364 8,094 4,966 3,629,056 3,588,096
svchost.exe 1216 3,543,040 C:\WINDOWS\system32\svchost.exe 20 (标准) 1,866 5,996,544 43,136 41,288 6,984 5,072 4,378,624 4,354,048
alg.exe 1324 1,531,904 C:\WINDOWS\System32\alg.exe 20 (标准) 1,379 5,492,736 39,428 39,268 5,968 5,648 3,268,608 3,256,320
KWatch.EXE 1360 8,712,192 C:\KAV2006\KWatch.EXE 20 (标准)* 1,357,979 24,354,816 31,872 31,568 41,800 40,160 30,289,920 23,953,408
spoolsv.exe 1424 1,732,608 C:\WINDOWS\system32\spoolsv.exe 20 (标准)* 1,802 6,643,712 45,812 43,920 6,880 4,752 5,406,720 5,160,960
KMailMon.EXE 1472 593,920 C:\KAV2006\KMailMon.EXE 20 (标准) 1,384 4,075,520 21,264 20,864 3,920 3,840 2,191,360 2,068,480
igfxpers.exe 1548 1,232,896 C:\WINDOWS\system32\igfxpers.exe 20 (标准) 798 3,121,152 29,172 28,772 3,560 3,360 954,368 925,696
Explorer.EXE 1640 13,291,520 C:\WINDOWS\Explorer.EXE 20 (标准) 40,426 24,387,584 126,240 99,036 18,376 15,160 26,087,424 22,839,296
aspnet_state.exe 1764 1,224,704 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe 20 (标准) 1,033 3,604,480 37,540 32,992 35,744 34,856 1,294,336 1,179,648
ServerNT.EXE 1860 4,698,112 C:\WINDOWS\system32\ServerNT.EXE 20 (标准)* 21,552 8,245,248 47,652 42,560 11,752 7,200 4,349,952 2,232,320
QQ.exe 1896 15,192,064 C:\Program Files\Tencent\QQ\QQ.exe 20 (标准) 18,970 20,258,816 101,552 100,816 21,360 17,736 17,072,128 15,974,400
wdfmgr.exe 1980 659,456 C:\WINDOWS\system32\wdfmgr.exe 20 (标准) 472 1,896,448 17,040 16,936 3,056 1,960 1,691,648 1,658,880
client.exe 2036 1,699,840 C:\Program Files\Common Files\SAND\client.exe 20 (标准)* 1,203 3,735,552 34,572 31,860 5,232 3,752 1,282,048 1,282,048
WinRAR.exe 3948 8,880,128 C:\Program Files\WinRAR\WinRAR.exe 20 (标准) 3,093 8,880,128 52,644 48,560 5,976 5,840 11,157,504 7,241,728
starter.exe 4052 8,421,376 C:\DOCUME~1\mgj\LOCALS~1\Temp\Rar$EX00.219\Starter\starter.exe 20 (标准) 2,857 8,437,760 51,400 42,804 5,776 5,720 6,119,424 6,115,328

Starter 报告 汉化手记


Brothers and sisters, please help me take a look: what is wrong with my machine, and what should I do? I don't want to format it for now, that is too much hassle.
Thanks!!!



[This post was edited by 千狐(mgj456) on 02-22 at 10:45]

Original post   Posted: 06-02-22 08:38

Reply: BearKing [bking]   Moderator
res.exe 344 192.168.100.215 1985 61.177.56.231 80 CLOSE_WAIT TCP C:\WINDOWS\system32\res.exe
iexplore.exe 376 192.168.100.215 2108 222.185.252.147 80 ESTABLISHED TCP C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 376 192.168.100.215 2097 202.107.233.211 80 ESTABLISHED TCP C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 408 192.168.100.215 2147 61.141.32.66 80 ESTABLISHED TCP C:\Program Files\Internet Explorer\iexplore.exe
-------------------------------------------------------------------------------
res.exe is probably a virus or trojan program.
The next two IE processes, I suspect, may have been opened by the virus program.
The last one is 20cn, which you are visiting right now; heh, that one is certainly fine.

I suggest you first end the res.exe process in the process list. Then use http://budin.cn/reg.exe, the Kingsoft AntiVirus (金山毒霸) registry repair tool, to clean up the IE and startup program entries. Don't you still have Kingsoft AntiVirus? Why not use it to scan for viruses?


Reply 1   Posted: 06-02-22 14:34
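As an added example (not from the thread or from either tool), the triage reasoning in this reply turned into a script: it parses Active Ports style lines, correlates them with the report's Run-key entries, and flags a process only when several weak signals coincide (outbound traffic to an external host, an unfamiliar binary in system32, a persistence entry). The sample lines, the autostart entries and the system32 allowlist are constructed from the post and are assumptions, not complete lists.

```python
import ipaddress
import re

# Constructed sample in the column layout Active Ports uses in the post:
# process pid local_ip local_port [remote_ip remote_port] state proto [path]
SAMPLE_PORTS = """\
System 4 0.0.0.0 445 LISTEN TCP
res.exe 344 192.168.100.215 1985 61.177.56.231 80 CLOSE_WAIT TCP C:\\WINDOWS\\system32\\res.exe
iexplore.exe 376 192.168.100.215 2108 222.185.252.147 80 ESTABLISHED TCP C:\\Program Files\\Internet Explorer\\iexplore.exe
svchost.exe 1040 192.168.100.215 123 LISTEN UDP C:\\WINDOWS\\System32\\svchost.exe
alg.exe 1324 127.0.0.1 1047 LISTEN TCP C:\\WINDOWS\\System32\\alg.exe
"""

# Constructed sample of the Run-key ("开机启动") entries the report lists: name -> command.
SAMPLE_AUTOSTART = {
    "SoundMan": "SOUNDMAN.EXE",
    "KavStart": '"C:\\KAV2006\\KAVStart.exe" -startup',
    "Update": "C:\\WINDOWS\\system32\\Update.exe",
    "res": "C:\\WINDOWS\\system32\\res.exe",
}

# Partial allowlist (assumption) of Windows XP binaries that legitimately live in
# system32 and own sockets. Anything else there with network activity deserves a look.
KNOWN_SYSTEM32 = {"svchost.exe", "lsass.exe", "alg.exe", "services.exe", "spoolsv.exe"}

LINE_RE = re.compile(
    r"^(?P<process>\S+)\s+(?P<pid>\d+)\s+(?P<lip>\S+)\s+(?P<lport>\d+)\s+"
    r"(?:(?P<rip>\S+)\s+(?P<rport>\d+)\s+)?(?P<state>\S+)\s+(?P<proto>TCP|UDP)"
    r"(?:\s+(?P<path>.+))?$"
)


def parse_active_ports(text):
    """Parse Active Ports style lines into dicts; lines that do not fit are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["pid"] = int(d["pid"])
        d["remote"] = f"{d['rip']}:{d['rport']}" if d["rip"] else None
        rows.append(d)
    return rows


def is_external(ip):
    """True for a routable address; False for RFC1918, loopback, unspecified or link-local."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not (addr.is_private or addr.is_loopback or addr.is_unspecified or addr.is_link_local)


def autostart_basenames(autostart):
    """Map lower-cased executable basename -> autostart entry name (handles quoted paths)."""
    out = {}
    for name, cmd in autostart.items():
        cmd = cmd.strip()
        exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
        out[exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()] = name
    return out


def triage(ports_text, autostart, min_reasons=2):
    """Flag a process only when at least min_reasons weak signals coincide."""
    persisted = autostart_basenames(autostart)
    findings = []
    for row in parse_active_ports(ports_text):
        basename = row["process"].lower()
        path = (row["path"] or "").lower()
        reasons = []
        if row["rip"] and is_external(row["rip"]):
            reasons.append(f"outbound {row['proto']} to {row['remote']} ({row['state']})")
        if "\\windows\\system32\\" in path and basename not in KNOWN_SYSTEM32:
            reasons.append("unfamiliar binary in system32")
        if basename in persisted:
            reasons.append(f"autostart entry '{persisted[basename]}'")
        if len(reasons) >= min_reasons:
            findings.append({"process": row["process"], "pid": row["pid"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_PORTS, SAMPLE_AUTOSTART):
        print(f"{f['process']} (pid {f['pid']}): " + "; ".join(f["reasons"]))
```

On the constructed sample only res.exe trips all three signals; iexplore.exe's external connection alone is not enough to flag it, which matches the reply's reasoning that the browser connections are secondary.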

Reply: mgj456 [mgj456]   Forum user
Sigh!
I did run the antivirus.
The report said no virus was found.

Reply 2   Posted: 06-02-23 08:30

Reply: BearKing [bking]   Moderator
http://budin.cn/forumTopicRead.asp?id=260&ntime=2006%2D2%2D23+17%3A25%3A35
Try the method used in this article.


[This post was edited by BearKing(bking) on 02-23 at 17:29]

Reply 3   Posted: 06-02-23 17:29

Reply: mgj456 [mgj456]   Forum user
Thanks!


Reply 4   Posted: 06-02-23 18:13

Copyright © 2000-2010 20CN Security Group. All Rights Reserved.