
[Discussion] Help: what exactly is msup6.exe in C:\WINDOWS\system32?

司徒十二
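Posted on 2007-3-5 18:48:55
This msup6.exe is located in C:\WINDOWS\system32. As long as it exists, QQ exits as soon as it logs in. Kaspersky, the "green" (portable) edition of Dr.Web, and AVG Anti-Spyware do not detect it as a virus, but when I searched on Baidu, some people say it is a trojan. After I delete it manually, it sometimes gets regenerated automatically.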

msup6.rar

14.42 KB, downloads: 294

wangjay1980
Posted on 2007-3-5 19:28:56
You can run a scan with SRE and post the report here.

[ Last edited by wangjay1980 on 2007-3-5 19:30 ]

sreng2.zip

477.1 KB, downloads: 285

司徒十二
OP | Posted on 2007-3-5 19:44:21
Originally posted by wangjay1980 on 2007-3-5 19:28
You can run a scan with SRE and post the report here.


Moderator, you mean the Smart Scan option, right? The log is below:

[CODE]

2007-03-05,19:44:03

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <CnxDslTaskBar><"C:\Program Files\ADSL\AccessRunner ADSL\CnxDslTb.exe">  [Conexant Systems Inc.]
    <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe">  [Kaspersky Lab]
    <!AVG Anti-Spyware><"D:\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized>  [Anti-Malware Development a.s.]
    <NVMixerTray><; "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe">  [NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><"C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll">  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><D:\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]

==================================
启动文件夹
N/A

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><N/A>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  <D:\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[Kaspersky Internet Security 6.0 / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r><Kaspersky Lab>
[Windows Presentation Foundation Font Cache 3.0.0.0 / FontCache3.0.0.0][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Windows CardSpace / idsvc][Stopped/Manual Start]
  <"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"><Microsoft Corporation>
[Net.Tcp Port Sharing Service / NetTcpPortSharing][Stopped/Disabled]
  <"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"><Microsoft Corporation>

==================================
驱动程序
[AC2003 / AC2003][Stopped/Manual Start]
  <System32\Drivers\AC2003.sys><ABIT Computer Corp.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  <\??\D:\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[USB ADSL LAN Adapter Filter Driver / CnxEtP][Running/Manual Start]
  <system32\DRIVERS\CnxEtP.sys><Conexant>
[USB ADSL 驱动 / CnxEtU][Running/Manual Start]
  <system32\DRIVERS\CnxEtU.sys><Conexant>
[USB ADSL LAN Adapter Driver / CnxTgN][Running/Manual Start]
  <system32\DRIVERS\CnxTgN.sys><Conexant Systems Inc.>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\QQ\Tencent\npkcrypt.sys><INCA Internet Co., Ltd.>
[Service for NVIDIA(R) nForce(TM) Audio Enumerator / nvax][Running/Manual Start]
  <system32\drivers\nvax.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENET][Running/Manual Start]
  <system32\DRIVERS\NVENET.sys><NVIDIA Corporation>
[Service for NVIDIA(R) nForce(TM) Audio / nvnforce][Running/Manual Start]
  <system32\drivers\nvapu.sys><NVIDIA Corporation>
[NVIDIA nForce AGP Bus Filter / nv_agp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nv_agp.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>

==================================
浏览器加载项
[IeCatch5 Class]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\DOWNLOAD\FLASHGET\jccatch.dll, FlashGet>
[gFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <D:\DOWNLOAD\FLASHGET\getflash.dll, N/A>
[Web Anti-Virus]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\DOWNLOAD\FLASHGET\flashget.exe, FlashGet.com>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\DOWNLOAD\FLASHGET\fgiebar.dll, Amaze Soft>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[IeCatch5 Class]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\DOWNLOAD\FLASHGET\jccatch.dll, FlashGet>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553548888} <C:\WINDOWS\system32\Macromed\Flash\SWFlash9a.ocx, Adobe Systems, Inc.>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
[gFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <D:\DOWNLOAD\FLASHGET\getflash.dll, N/A>
[上传到QQ网络硬盘]
  <D:\QQ\Tencent\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <D:\DownLoad\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <D:\DownLoad\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
  <D:\QQ\Tencent\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\QQ\Tencent\AddEmotion.htm, N/A>
[添加到反]
  <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm, N/A>
[用QQ彩信发送该图片]
  <D:\QQ\Tencent\SendMMS.htm, N/A>
司徒十二
OP | Posted on 2007-3-5 19:44:38
==================================
正在运行的进程
[PID: 428][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 508][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 900][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.1.411]
[PID: 992][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1004][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1172][C:\WINDOWS\system32\Ati2evxx.exe]  [N/A, N/A]
[PID: 1224][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1296][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1332][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.1.411]
[PID: 1372][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1940][C:\WINDOWS\system32\Ati2evxx.exe]  [N/A, N/A]
[PID: 184][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scrchpg.dll]  [Kaspersky Lab, 1.0.6.411]
    [D:\DOWNLOAD\FLASHGET\jccatch.dll]  [FlashGet, 1, 1, 5, 0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.1.411]
    [D:\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [Anti-Malware Development a.s., 7, 5, 0, 47]
    [D:\WINRAR\rarext.dll]  [N/A, N/A]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll]  [Kaspersky Lab, 6.0.1.411]
    [d:\dr.web\drwbxtn.dll]  [Doctor Web, Ltd., 4.33.0.200507180]
    [D:\Grisoft\AVG Anti-Spyware 7.5\context.dll]  [Anti-Malware Development a.s., 7, 5, 0, 49]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prremote.dll]  [Kaspersky Lab, 6.0.1.411]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.1.411]
[PID: 800][C:\Program Files\ADSL\AccessRunner ADSL\CnxDslTb.exe]  [Conexant Systems Inc., 2.099.085.000]
    [C:\Program Files\ADSL\AccessRunner ADSL\CnxDslWz.dll]  [Conexant Systems Inc., 2.099.085.000]
    [C:\WINDOWS\system32\CnxHwIo.dll]  [Conexant Systems Inc., 2.099.085.000]
[PID: 916][D:\Grisoft\AVG Anti-Spyware 7.5\avgas.exe]  [Anti-Malware Development a.s., 7, 5, 0, 50]
    [D:\Grisoft\AVG Anti-Spyware 7.5\engine.dll]  [Anti-Malware Development a.s., 4, 2, 0, 15]
[PID: 1528][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 288][D:\Browser\Firefox Plus\App\firefox\firefox.exe]  [Mozilla Corporation, 1.8.1.2: 2007021917]
    [D:\Browser\Firefox Plus\App\firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]
    [D:\Browser\Firefox Plus\App\firefox\nspr4.dll]  [Netscape Communications Corporation, 4.6.5]
    [D:\Browser\Firefox Plus\App\firefox\xpcom_core.dll]  [Mozilla Foundation, 1.8.1.2: 2007021917]
    [D:\Browser\Firefox Plus\App\firefox\plc4.dll]  [Netscape Communications Corporation, 4.6.5]
    [D:\Browser\Firefox Plus\App\firefox\plds4.dll]  [Netscape Communications Corporation, 4.6.5]
    [D:\Browser\Firefox Plus\App\firefox\smime3.dll]  [Mozilla Foundation, 3.11.5 Basic ECC]
    [D:\Browser\Firefox Plus\App\firefox\nss3.dll]  [Mozilla Foundation, 3.11.5 Basic ECC]
    [D:\Browser\Firefox Plus\App\firefox\softokn3.dll]  [Mozilla Foundation, 3.11.4 Basic ECC]
    [D:\Browser\Firefox Plus\App\firefox\ssl3.dll]  [Mozilla Foundation, 3.11.5 Basic ECC]
    [D:\Browser\Firefox Plus\App\firefox\xpcom_compat.dll]  [Mozilla Foundation, 1.8.1.2: 2007021917]
    [D:\Browser\Firefox Plus\App\firefox\components\ThunderComponent.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 7]
    [D:\Browser\Firefox Plus\App\firefox\components\jar50.dll]  [Mozilla Foundation, 1.8.1.2: 2007021917]
    [D:\Browser\Firefox Plus\App\firefox\components\jsd3250.dll]  [Mozilla Foundation, 1.8.1.2: 2007021917]
    [D:\Browser\Firefox Plus\App\firefox\components\myspell.dll]  [Mozilla Foundation, 1.8.1.2: 2007021917]
    [D:\Browser\Firefox Plus\App\firefox\components\spellchk.dll]  [Mozilla Foundation, 1.8.1.2: 2007021917]
    [D:\Browser\Firefox Plus\App\firefox\components\xpinstal.dll]  [Mozilla Foundation, 1.8.1.2: 2007021917]
    [D:\Browser\Firefox Plus\App\firefox\extensions\talkback@mozilla.org\components\BrandRes.dll]  [N/A, N/A]
    [D:\Browser\Firefox Plus\App\firefox\extensions\talkback@mozilla.org\components\fullsoft.dll]  [Full Circle Software, Inc., 2.2.unofficial]
    [D:\Browser\Firefox Plus\App\firefox\extensions\talkback@mozilla.org\components\qfaservices.dll]  [Mozilla Foundation, 1.8.1.2: 2007021917]
    [D:\Browser\Firefox Plus\App\firefox\freebl3.dll]  [Mozilla Foundation, 3.11.4 Basic ECC]
    [D:\Browser\Firefox Plus\App\firefox\nssckbi.dll]  [Mozilla Foundation, 1.62]
    [D:\Browser\Firefox Plus\App\firefox\xpcom.dll]  [Mozilla Foundation, 1.8.1.2: 2007021917]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scrchpg.dll]  [Kaspersky Lab, 1.0.6.411]
    [C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll]  [RealNetworks, Inc., 6.0.11.2571]
    [C:\WINDOWS\system32\PNCRT.dll]  [Real Networks, Inc, 6.0.0.0]
    [C:\Program Files\Real\RealPlayer\rpplugins\embd3260.dll]  [RealNetworks, Inc., 6.0.12.1739]
    [C:\Program Files\Common Files\Real\Common\pngu3267.dll]  [RealNetworks, Inc., 6.7.0.2962]
    [C:\Program Files\Common Files\Real\Common\pnrs3260.dll]  [RealNetworks, Inc., 6.0.9.4317]
    [C:\Program Files\Common Files\Real\Common\objb3201.dll]  [RealNetworks, Inc., 0.1.0.6726]
    [C:\Program Files\Real\RealPlayer\rpplugins\rpcl3260.dll]  [RealNetworks, Inc., 6.0.9.3362]
    [C:\Program Files\Real\RealPlayer\rpplugins\rput3260.dll]  [RealNetworks, Inc., 6.0.9.3363]
    [C:\Program Files\Common Files\Real\Common\pnen3260.dll]  [RealNetworks, Inc., 10.0.0.1283]
    [C:\Program Files\Common Files\Real\Plugins\vsrlocal.dll]  [RealNetworks, Inc., 10.1.0.1180]
    [C:\Program Files\Common Files\Real\Plugins\zipf3260.dll]  [RealNetworks, Inc., 6.0.8.2799]
    [C:\Program Files\Common Files\Real\Plugins\vidsite.dll]  [RealNetworks, Inc., 10.0.0.1253]
    [C:\Program Files\Common Files\Real\Plugins\authmgr.dll]  [RealNetworks, Inc., 10.0.0.1687]
    [C:\Program Files\Common Files\Real\Plugins\cdda3260.dll]  [RealNetworks, Inc., 6.0.3.2509]
    [C:\Program Files\Common Files\Real\Plugins\clbascauth.dll]  [RealNetworks, Inc., 10.0.0.1254]
    [C:\Program Files\Common Files\Real\Plugins\httpfsys.dll]  [RealNetworks, Inc., 10.0.0.3032]
    [C:\Program Files\Common Files\Real\Plugins\memfsys.dll]  [RealNetworks, Inc., 10.0.0.1219]
    [C:\Program Files\Common Files\Real\Plugins\ntlmauth.dll]  [RealNetworks, Inc., 10.0.0.1232]
    [C:\Program Files\Common Files\Real\Plugins\pacplin.dll]  [RealNetworks, Inc., 10.0.0.1253]
    [C:\Program Files\Common Files\Real\Plugins\plusplin.dll]  [RealNetworks, Inc., 10.0.0.1253]
    [C:\Program Files\Common Files\Real\Plugins\pxcb3210.dll]  [RealNetworks, Inc., 1.0.0.4244]
    [C:\Program Files\Common Files\Real\Plugins\ramfformat.dll]  [RealNetworks, Inc., 10.0.0.2477]
    [C:\Program Files\Common Files\Real\Plugins\ramrender.dll]  [RealNetworks, Inc., 10.0.0.2164]
    [C:\Program Files\Common Files\Real\Plugins\rmfformat.dll]  [RealNetworks, Inc., 10.0.0.1475]
    [C:\Program Files\Common Files\Real\Plugins\rn5auth.dll]  [RealNetworks, Inc., 10.0.0.1455]
    [C:\Program Files\Common Files\Real\Plugins\smlfformat.dll]  [RealNetworks, Inc., 10.0.0.2112]
    [C:\Program Files\Common Files\Real\Plugins\smlrender.dll]  [RealNetworks, Inc., 10.0.0.1728]
    [C:\Program Files\Common Files\Real\Plugins\smmrender.dll]  [RealNetworks, Inc., 10.0.0.1250]
    [C:\Program Files\Common Files\Real\Plugins\smplfsys.dll]  [RealNetworks, Inc., 10.0.0.2020]
    [C:\Program Files\Common Files\Real\Plugins\clntxres.dll]  [RealNetworks, Inc., 10.0.0.4181]
    [C:\Program Files\Common Files\Real\Plugins\vsrcplin.dll]  [RealNetworks, Inc., 10.1.0.1180]
    [C:\Program Files\Common Files\Real\Plugins\rarender.dll]  [RealNetworks, Inc., 10.0.0.1260]
    [C:\Program Files\Common Files\Real\Plugins\swfformat.dll]  [RealNetworks, Inc., 10.0.0.1460]
    [C:\Program Files\Common Files\Real\Plugins\rtfformat.dll]  [RealNetworks, Inc., 10.0.0.1457]
    [C:\Program Files\Common Files\Real\Plugins\rtrender.dll]  [RealNetworks, Inc., 10.0.0.1250]
    [C:\Program Files\Common Files\Real\Plugins\sdpplin.dll]  [RealNetworks, Inc., 10.0.0.373]
    [C:\Program Files\Common Files\Real\Plugins\mp3render.dll]  [RealNetworks, Inc., 10.0.0.1252]
    [C:\Program Files\Common Files\Real\Plugins\mp3metaff.dll]  [RealNetworks, Inc., 10.0.0.1219]
    [C:\Program Files\Common Files\Real\Plugins\stubdrm.dll]  [RealNetworks, Inc., 10.0.0.1655]
    [C:\Program Files\Common Files\Real\Plugins\mp4arender.dll]  [RealNetworks, Inc., 10.0.0.1055]
    [C:\Program Files\Common Files\Real\Plugins\aacff.dll]  [RealNetworks, Inc., 10.0.0.1029]
    [C:\Program Files\Common Files\Real\Plugins\wm9fformat.dll]  [RealNetworks, Inc., 1.0.0.1338]
    [C:\Program Files\Common Files\Real\Plugins\wm9writer.dll]  [RealNetworks, Inc., 1.0.0.1322]
    [C:\Program Files\Common Files\Real\Plugins\wmsechnd.dll]  [RealNetworks, Inc., 1.0.0.657]
    [C:\Program Files\Common Files\Real\Plugins\recf3260.dll]  [RealNetworks, Inc., 6.0.0.3113]
    [C:\Program Files\Common Files\Real\Plugins\cont3260.dll]  [RealNetworks, Inc., 6.0.0.2148]
    [C:\Program Files\Common Files\Real\Plugins\audplin.dll]  [RealNetworks, Inc., 10.0.0.1483]
    [C:\Program Files\Common Files\Real\Plugins\vidplin.dll]  [RealNetworks, Inc., 10.0.0.1269]
    [C:\Program Files\Common Files\Real\Plugins\mpgfformat.dll]  [RealNetworks, Inc., 10.0.0.1428]
    [C:\Program Files\Common Files\Real\Plugins\mpgrender.dll]  [RealNetworks, Inc., 10.0.0.1231]
    [C:\Program Files\Common Files\Real\Plugins\mp4wrtr.dll]  [N/A, N/A]
    [C:\Program Files\Common Files\Real\Plugins\rmwrtr.dll]  [RealNetworks, Inc., 6.0.2.1155]
    [C:\Program Files\Common Files\Real\Plugins\security.dll]  [RealNetworks, Inc., 1.0.3.2518]
    [C:\Program Files\Common Files\Real\Plugins\rmxrend.dll]  [RealNetworks, Inc., 1.0.3.2580]
    [C:\Program Files\Common Files\Real\Plugins\rmxfpln.dll]  [RealNetworks, Inc., 1.0.3.2527]
    [C:\Program Files\Common Files\Real\Plugins\tfilesys.dll]  [RealNetworks, Inc., 1.0.3.2488]
    [C:\Program Files\Common Files\Real\Plugins\fpsechnd.dll]  [RealNetworks, Inc., 6.0.9.32]
    [C:\Program Files\Common Files\Real\Plugins\pdgenxferfsys.dll]  [RealNetworks, Inc., 6.0.12.1680]
    [C:\Program Files\Real\RealPlayer\lang\cdplay_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealPlayer\lang\dbcomp_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealPlayer\lang\embed_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealPlayer\lang\gemctl_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealPlayer\lang\pngui_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealPlayer\lang\pdgenxfer_cn.dll]  [N/A, N/A]
    [C:\Program Files\Real\RealPlayer\lang\rjctl_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealPlayer\lang\rjeq_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealPlayer\lang\rjres_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealPlayer\lang\rjskin_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealPlayer\lang\rjviz_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealPlayer\lang\rjfade_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealPlayer\lang\rjdlg_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealPlayer\lang\rjmisc_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealPlayer\lang\rjprog_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealPlayer\lang\rpapp_cn.dll]  [RealNetworks, Inc., 6.0.12.299]
    [C:\Program Files\Real\RealPlayer\lang\rpclsvc_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealPlayer\lang\rpclutil_cn.dll]  [RealNetworks, Inc., 6.0.12.299]
    [C:\Program Files\Real\RealPlayer\lang\rpdemand_cn.dll]  [RealNetworks, Inc., 6.0.12.299]
    [C:\Program Files\Real\RealPlayer\lang\rpdsplyr_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealPlayer\lang\rpgutil_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealPlayer\lang\rpmnpane_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealPlayer\lang\rpplylst_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealPlayer\lang\rpwebctl_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealPlayer\lang\tcdinfo_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealPlayer\lang\tclsvc_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealPlayer\lang\tdwnmgr_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealPlayer\lang\tmp3_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealPlayer\lang\twave_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealPlayer\lang\teasdk_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealPlayer\lang\tearm_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealPlayer\lang\tmdedit_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealPlayer\lang\mydevices_cn.dll]  [RealNetworks, Inc., 6.0.12.299]
[PID: 1796][D:\清理\SREng\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.1.411]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost

==================================
API HOOK
警告!System Repair Engineer 提醒
你下面的函数内容与预期值不符,他
们可能被一些恶意的软件所修改:
RVA  错误: LoadLibraryA
RVA  错误: LoadLibraryExA
RVA  错误: LoadLibraryExW
RVA  错误: LoadLibraryW

==================================


[/CODE]
wangjay1980
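Posted on 2007-3-5 20:16:41
The report doesn't show any problems. I suggest you uninstall QQ first, then delete msup6.exe, and search the registry for it and delete any entries you find. Finally, reboot and then reinstall QQ.
wangjay1980
Posted on 2007-3-5 20:22:58
Avira's reply about the false-positive file: very good attitude, and they removed the virus definition promptly.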


Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC00009569.




We received the following archive files:



File ID    Filename     Size (Byte)    Result
---------------------------------------------------
198132     msup6.rar    14.831         OK

A listing of files contained inside archives alongside their results can be found below:

File ID    Filename     Size (Byte)    Result
---------------------------------------------------
198133     msup6.exe    36.864         FALSE POSITIVE


Please find a detailed report concerning each individual sample below:

Filename                       Result
msup6.exe                    FALSE POSITIVE

The file 'msup6.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection is removed from our virus definition file (VDF) with the version: 6.37.00.232.
wangjay1980
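Posted on 2007-3-5 20:24:34
It looks like msup6.exe is fine. Above is Avira's analysis: it is a false positive. You can uninstall QQ and then reinstall it.
司徒十二
OP | Posted on 2007-3-5 21:58:48
Thanks, moderator. I'll try the steps you described.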