标题: [求助] 紧急求助,系统无法正常运行 [打印本页]

---

作者: 神雕大侠    时间: 2007-10-5 19:13     标题: 紧急求助,系统无法正常运行

无法正常安装及运行某些软件,比如无法安装WinRAR,提示找不到C:/WINDOWS/msutl.exe,

重新安装系统也解决不了问题,请问msutl.exe是什么程序,能不能给我上传一个，麻烦高手帮助

---

作者: eric00    时间: 2007-10-5 20:32

我搜了自己的硬盘，ms没有这个文件

---

作者: 晨风鸟    时间: 2007-10-5 21:30

这个有可能不是系统文件，有可能是你的电脑中了病毒或者木马，

可以查杀系统以后再次运行安装，或者在安全模式下面试试能否正常安装。

---

作者: ldsystem    时间: 2007-10-5 22:17

这个不是系统文件,可能是中毒了,请下载IceSword,先结束可疑进程,再用arswp清理,建议装上微点...
最好用SREng扫描一份日志贴上来...

相关软件请到这里下载
http://bbs.liulanghome.com/thread-49234-1-1.html

---

作者: 神雕大侠    时间: 2007-10-5 23:09

1. 2007-10-05,23:06:20
   
2. 
   
3. System Repair Engineer 2.5.16.900
   
4. Smallfrogs ([url]http://www.KZTechs.com[/url])
   
5. 
   
6. Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
   
7. 
   
8. 以下内容被选中：
   
9.     所有的启动项目（包括注册表、启动文件夹、服务等）
   
10.     浏览器加载项
    
11.     正在运行的进程（包括进程模块信息）
    
12.     文件关联
    
13.     Winsock 提供者
    
14.     Autorun.inf
    
15.     HOSTS 文件
    
16.     进程特权扫描
    
17. 
    
18. 
    
19. 启动项目
    
20. 注册表
    
21. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    
22.     <KavPFW><"C:\KAV2007\KPFW32.EXE">  [Kingsoft Corporation]
    
23.     <ctfmon.exe><C:\windows\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    
24. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    
25.     <Lskbdrv><C:\Program Files\Lenovo\幸福一键通\Kbdriver.exe>  []
    
26.     <LenSoft><C:\Program Files\Lenovo\幸福一键通\FlyShuttle.exe>  []
    
27.     <KavStart><"C:\KAV2007\KAVStart.exe" -startup>  [Kingsoft Corporation]
    
28. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    
29.     <KASTask><C:\KAV2007\KASTask.EXE>  [Kingsoft Corporation]
    
30. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    
31.     <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    
32.     <Userinit><C:\windows\system32\Userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    
33.     <UIHost><"\Program Files\Logonui\Logonui.exe">  [N/A]
    
34. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    
35.     <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
    
36. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    
37.     <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
    
38. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    
39.     <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
    
40. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    
41.     <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
    
42. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    
43.     <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
    
44. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    
45.     <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
    
46. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    
47.     <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
    
48. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    
49.     <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
    
50. 
    
51. ==================================
    
52. 启动文件夹
    
53. N/A
    
54. 
    
55. ==================================
    
56. 服务
    
57. [Ati HotKey Poller / Ati HotKey Poller][Stopped/Auto Start]
    
58.   <C:\windows\system32\Ati2evxx.exe><>
    
59. [ATI Smart / ATI Smart][Stopped/Auto Start]
    
60.   <><N/A>
    
61. [Help and Support / helpsvc][Stopped/Disabled]
    
62.   <C:\windows\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
    
63. [Human Interface Device Access / HidServ][Stopped/Disabled]
    
64.   <C:\windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
    
65. [Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
    
66.   <"C:\KAV2007\KPfwSvc.EXE"><Kingsoft Corporation>
    
67. [Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
    
68.   <C:\KAV2007\KWatch.EXE><Kingsoft Corporation>
    
69. 
    
70. ==================================
    
71. 驱动程序
    
72. [aeaudio / aeaudio][Stopped/Manual Start]
    
73.   <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
    
74. [Service for WDM 3D Audio Driver / ALCXSENS][Stopped/Manual Start]
    
75.   <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
    
76. [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
    
77.   <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
    
78. [ati2mtag / ati2mtag][Stopped/Manual Start]
    
79.   <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
    
80. [VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
    
81.   <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
    
82. [VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Stopped/Manual Start]
    
83.   <system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
    
84. [HSFHWBS2 / HSFHWBS2][Running/Manual Start]
    
85.   <system32\DRIVERS\HSFHWBS2.sys><Conexant Systems>
    
86. [HSF_DP / HSF_DP][Running/Manual Start]
    
87.   <system32\DRIVERS\HSF_DP.sys><Conexant Systems>
    
88. [KAVBootC / KAVBootC][Running/Boot Start]
    
89.   <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
    
90. [KNetWch / KNetWch][Running/System Start]
    
91.   <\??\C:\KAV2007\KNetWch.SYS><Kingsoft Corporation>
    
92. [KWatch3 / KWatch3][Running/System Start]
    
93.   <\??\C:\windows\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
    
94. [mdmxsdk / mdmxsdk][Running/Auto Start]
    
95.   <system32\DRIVERS\mdmxsdk.sys><Conexant>
    
96. [NTSIM / NTSIM][Stopped/Manual Start]
    
97.   <\??\C:\WINDOWS\system32\ntsim.sys><VIA Technologies, Inc.>
    
98. [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    
99.   <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
    
100. [Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver / rtl8139][Running/Manual Start]
     
101.   <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
     
102. [Secdrv / Secdrv][Stopped/Manual Start]
     
103.   <system32\DRIVERS\secdrv.sys><N/A>
     
104. [SiS315 / SiS315][Running/Manual Start]
     
105.   <system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
     
106. [SiS AGP Filter / sisagp][Running/Boot Start]
     
107.   <\SystemRoot\system32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation>
     
108. [SiSide / SiSide][Running/Boot Start]
     
109.   <\SystemRoot\system32\DRIVERS\siside.sys><Silicon Integrated Systems Corp.>
     
110. [sisidex / sisidex][Running/Boot Start]
     
111.   <\SystemRoot\system32\drivers\sisidex.sys><Windows (R) 2000 DDK provider>
     
112. [SiSkp / SiSkp][Running/System Start]
     
113.   <system32\drivers\srvkp.sys><N/A>
     
114. [Add Performance Filter Driver / sisperf][Running/Boot Start]
     
115.   <\SystemRoot\system32\drivers\sisperf.sys><Silicon Integrated Systems Corp.>
     
116. [smwdm / smwdm][Stopped/Manual Start]
     
117.   <system32\drivers\smwdm.sys><Analog Devices, Inc.>
     
118. [Conexant Setup API / UIUSys][Stopped/Manual Start]
     
119.   <system32\drivers\UIUSys.sys><Conexant>
     
120. [ViaIde / ViaIde][Running/Boot Start]
     
121.   <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
     
122. [winachsf / winachsf][Running/Manual Start]
     
123.   <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems>
     
124. [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
     
125.   <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
     
126. [Driver for XLPPoEPC Device / XLPPoEPC][Running/Manual Start]
     
127.   <system32\DRIVERS\XLPPoEPC.sys><西安信利软件系统公司>
     
128. [Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Stopped/Manual Start]
     
129.   <System32\Drivers\usbVM31b.sys><VM>
     
130. 
     
131. ==================================
     
132. 浏览器加载项
     
133. [CBrowseStakeout Class]
     
134.   {55302805-482E-470E-8A57-6795A1487F90} <C:\KAV2007\KAVAFish.DLL, Kingsoft Corporation>
     
135. [WUWebControl Class]
     
136.   {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
     
137. [CBrowseStakeout Class]
     
138.   {55302805-482E-470E-8A57-6795A1487F90} <C:\KAV2007\KAVAFish.DLL, Kingsoft Corporation>
     
139. [WUWebControl Class]
     
140.   {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
     
141. [360SafeLive]
     
142.   {87515F61-A66C-4319-A0E0-D416CB8059E3} <E:\360\360safe\live.dll, 360safe.com>
     
143. [SearchAssistantOC]
     
144.   {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
     
145. [Shockwave Flash Object]
     
146.   {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
     
147. [金山毒霸反钓鱼...]
     
148.   <C:\KAV2007\KAF\ShowSet.htm, N/A>
     
149. 
     
150. ==================================
     
151. 正在运行的进程
     
152. [PID: 660][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
     
153. [PID: 720][\??\C:\windows\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
     
154. [PID: 744][\??\C:\windows\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
     
155.     [C:\windows\system32\Ati2evxx.dll]  [, ]
     
156. [PID: 788][C:\windows\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
     
157. [PID: 800][C:\windows\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
     
158. [PID: 976][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
     
159. [PID: 1068][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
     
160. [PID: 1192][C:\windows\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
     
161. [PID: 1256][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
     
162. [PID: 1300][C:\KAV2007\KWatch.EXE]  [Kingsoft Corporation, 2007, 8, 13, 78]
     
163.     [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
     
164.     [C:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2007, 6, 19, 64]
     
165.     [C:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
     
166.     [C:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corp., 2007, 9, 17, 134]
     
167.     [C:\KAV2007\KAVQuara.DLL]  [Kingsoft Corporation, 2007, 6, 15, 4]
     
168. [PID: 1368][C:\KAV2007\KPfwSvc.EXE]  [Kingsoft Corporation, 2007, 8, 17, 39]
     
169. [PID: 1380][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
     
170. [PID: 1584][C:\windows\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
     
171.     [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
     
172.     [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
     
173.     [C:\windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
     
174.     [C:\windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
     
175.     [C:\Program Files\Winrar3.7\rarext.dll]  [N/A, ]
     
176.     [C:\KAV2007\KAVEXT.DLL]  [Kingsoft Corporation, 2007, 6, 21, 29]
     
177.     [C:\windows\system32\LgdGuard.dll]  [, ]
     
178.     [D:\Unlocker绿色版\unlockercom.dll]  [N/A, ]
     
179.     [C:\KAV2007\KAScript.DLL]  [Kingsoft Corporation, 2007, 3, 6, 75]
     
180.     [C:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2007, 6, 19, 64]
     
181.     [C:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
     
182.     [C:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corp., 2007, 9, 17, 134]
     
183.     [C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx]  [Adobe Systems, Inc., 9,0,47,0]
     
184. [PID: 1728][C:\Program Files\Lenovo\幸福一键通\Kbdriver.exe]  [N/A, ]
     
185.     [C:\Program Files\Lenovo\幸福一键通\lxkeyled.dll]  [N/A, ]
     
186.     [C:\Program Files\Lenovo\幸福一键通\VolumeOsd.dll]  [N/A, ]
     
187.     [C:\Program Files\Lenovo\幸福一键通\ScrOSD32.dll]  [N/A, ]
     
188.     [C:\Program Files\Lenovo\幸福一键通\tgekb.dll]  [N/A, ]
     
189.     [C:\Program Files\Lenovo\幸福一键通\XPNyGet.dll]  [N/A, ]
     
190. [PID: 1740][C:\Program Files\Lenovo\幸福一键通\FlyShuttle.exe]  [, 1, 0, 0, 1]
     
191.     [C:\Program Files\Lenovo\幸福一键通\CLxUI.dll]  [联想（北京）有限公司, 1, 0, 0, 1]
     
192.     [C:\Program Files\Lenovo\幸福一键通\SKOSD.DLL]  [Silitek Corp., 1, 0, 6, 0]
     
193.     [C:\Program Files\Lenovo\幸福一键通\SKUtil.DLL]  [Silitek Corp., 1, 0, 9, 0]
     
194.     [C:\Program Files\Lenovo\幸福一键通\VolumeOsd.dll]  [N/A, ]
     
195.     [C:\Program Files\Lenovo\幸福一键通\ScrOSD32.dll]  [N/A, ]
     
196.     [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
     
197.     [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
     
198.     [C:\windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
     
199.     [C:\windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
     
200. [PID: 1752][C:\KAV2007\KAVStart.exe]  [Kingsoft Corporation, 2007, 8, 15, 289]
     
201.     [C:\windows\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
     
202.     [C:\windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
     
203.     [C:\windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
     
204.     [C:\windows\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
     
205.     [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
     
206.     [C:\KAV2007\SvcTimer.DLL]  [Kingsoft Corporation, 2006.12.22.84]
     
207.     [C:\KAV2007\KAVPassp.dll]  [Kingsoft Corporation, 2006, 12, 30, 271]
     
208.     [C:\KAV2007\PopSprt3.dll]  [Kingsoft Corporation, 2007, 3, 20, 48]
     
209.     [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
     
210. [PID: 1784][C:\KAV2007\KPFW32.EXE]  [Kingsoft Corporation, 2007, 8, 17, 726]
     
211.     [C:\windows\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
     
212.     [C:\windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
     
213.     [C:\windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
     
214.     [C:\windows\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
     
215.     [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
     
216.     [C:\KAV2007\KAConfig.DLL]  [Kingsoft Corporation, 2007, 1, 11, 41]
     
217.     [C:\KAV2007\FiltList.dll]  [N/A, ]
     
218.     [C:\KAV2007\KAVPassp.DLL]  [Kingsoft Corporation, 2006, 12, 30, 271]
     
219.     [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
     
220.     [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
     
221. [PID: 1848][C:\windows\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
     
222. [PID: 2028][C:\KAV2007\KMailMon.EXE]  [Kingsoft Corporation, 2007, 8, 16, 967]
     
223.     [C:\KAV2007\KAntiSpm.dll]  [Kingsoft Corporation, 2007, 2, 25, 129]
     
224.     [C:\windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
     
225.     [C:\windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
     
226.     [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
     
227.     [C:\KAV2007\KAECall2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 7]
     
228.     [C:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2007, 6, 19, 64]
     
229.     [C:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
     
230.     [C:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corp., 2007, 9, 17, 134]
     
231.     [C:\KAV2007\KAConfig.DLL]  [Kingsoft Corporation, 2007, 1, 11, 41]
     
232.     [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
     
233.     [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
     
234. [PID: 172][C:\DOCUME~1\rjzj.net\LOCALS~1\Temp\Rar$EX00.094\usbkill.exe]  [ooVista 软件团队, 8, 3, 0, 0]
     
235.     [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
     
236.     [C:\windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
     
237.     [C:\windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
     
238.     [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
     
239. [PID: 996][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
     
240.     [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
     
241.     [C:\windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
     
242.     [C:\windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
     
243.     [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
     
244.     [C:\KAV2007\KAVAFish.DLL]  [Kingsoft Corporation, 2006, 10, 25, 27]
     
245.     [C:\KAV2007\KAScript.DLL]  [Kingsoft Corporation, 2007, 3, 6, 75]
     
246.     [C:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2007, 6, 19, 64]
     
247.     [C:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
     
248.     [C:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corp., 2007, 9, 17, 134]
     
249.     [C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx]  [Adobe Systems, Inc., 9,0,47,0]
     
250.     [C:\windows\system32\msdmo.dll]  [, ]
     
251.     [C:\Program Files\Common Files\Ahead\DSFilter\NeSplitter.ax]  [Nero AG, 3,2,0,20c]
     
252. [PID: 708][D:\杀毒日志\新建文件夹\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
     
253.     [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
     
254.     [C:\windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
     
255.     [C:\windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
     
256.     [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
     
257.     [D:\杀毒日志\新建文件夹\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
     
258. 
     
259. ==================================
     
260. 文件关联
     
261. .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
     
262. .EXE  OK. ["%1" %*]
     
263. .COM  OK. ["%1" %*]
     
264. .PIF  OK. ["%1" %*]
     
265. .REG  OK. [regedit.exe "%1"]
     
266. .BAT  OK. ["%1" %*]
     
267. .SCR  OK. ["%1" /S]
     
268. .CHM  OK. ["C:\windows\hh.exe" %1]
     
269. .HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
     
270. .INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
     
271. .INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
     
272. .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
     
273. .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
     
274. .LNK  OK. [{00021401-0000-0000-C000-000000000046}]
     
275. 
     
276. ==================================
     
277. Winsock 提供者
     
278. N/A
     
279. 
     
280. ==================================
     
281. Autorun.inf
     
282. N/A
     
283. 
     
284. ==================================
     
285. HOSTS 文件
     
286. 127.0.0.1       localhost
     
287. 
     
288. ==================================
     
289. 进程特权扫描
     
290. 特殊特权被允许： SeLoadDriverPrivilege [PID = 1728, C:\PROGRAM FILES\LENOVO\幸福一键通\KBDRIVER.EXE]
     
291. 特殊特权被允许： SeLoadDriverPrivilege [PID = 1740, C:\PROGRAM FILES\LENOVO\幸福一键通\FLYSHUTTLE.EXE]
     
292. 特殊特权被允许： SeLoadDriverPrivilege [PID = 1784, C:\KAV2007\KPFW32.EXE]
     
293. 特殊特权被允许： SeDebugPrivilege [PID = 2028, C:\KAV2007\KMAILMON.EXE]
     
294. 特殊特权被允许： SeDebugPrivilege [PID = 172, C:\DOCUME~1\RJZJ.NET\LOCALS~1\TEMP\RAR$EX00.094\USBKILL.EXE]
     
295. 特殊特权被允许： SeLoadDriverPrivilege [PID = 172, C:\DOCUME~1\RJZJ.NET\LOCALS~1\TEMP\RAR$EX00.094\USBKILL.EXE]
     
296. 
     
297. ==================================
     
298. API HOOK
     
299. 入口点错误：LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: C:\KAV2007\KASocket.dll)
     
300. 
     
301. ==================================
     
302. 隐藏进程
     
303. N/A
     
304. 
     
305. ==================================

复制代码

---

作者: ldsystem    时间: 2007-10-6 08:34

看日志没什么问题,请搜索注册表,将查找到的msutl.exe键值全部删掉, 用AUTO病毒专杀扫描并免疫,再用SREng修复,最后用arswp清理,强烈建议楼主装微点...
相关软件请到这里下载
http://bbs.liulanghome.com/thread-49234-1-1.html

---

作者: 神雕大侠    时间: 2007-10-6 08:52     标题: 反馈,谢谢老大帮忙

1.已经利用RegWorkshop.exe 删除了msutl.exe相关键值共4处,不过删除后
有时还会出现一处键值目前发现,我电脑内以前收藏的WINRAR以及绿鹰万能
精灵安装程序无法安装,而重新下载的WINRAR以及绿鹰万能精灵安装程序可
以正常使用,还有优化大师单文件版重新下载的也可以使用,还有一种现象经
过压缩收藏的程序也可以正常使用

2.目前利用杀毒软件与arswp清理已经没有病毒报告,不过电脑中以前收藏的程序很
多都无法使用,启动它们防火墙会提示是否允许连网并且出现一个与msutl.exe相关
的注册表键值,这些应该是受到感染的文件吧?是否应该全部删除

3.请问老大如何查看SREng扫描日志有没有问题,有参照吗?

[ 本帖最后由 神雕大侠 于 2007-10-6 08:59 编辑 ]

---

作者: ldsystem    时间: 2007-10-6 09:38

如果被感染的EXE文件无法修复,那就只能删除了.
SREng扫描日志,可以借助SREngLog分析助手来看,不过这个助手只是给你项目分类,方便查看,但是不会自动分析,最终还是需要自己凭经验去分析判断....
相关软件请到这里下载
http://bbs.liulanghome.com/thread-49234-1-1.html

---

欢迎光临 IT家园 (http://bbs.it998.com/)

Powered by Discuz! 7.2