Views: 3770 | Replies: 11

[Discussion] What is 9A313E6B?
菡萏逸香
Posted on 2007-7-11 16:32:05
As the title says..

[ This post was last edited by 菡萏逸香 on 2007-7-11 16:33 ]
2007-07-11_152614.gif
2007-07-11_152543.gif
2007-07-11_152543.gif
2007-07-11_152614.gif
菡萏逸香
OP | Posted on 2007-7-11 16:34:49
I posted the images twice, sorry!

The 3rd and 4th ones are in the correct order.
magic659117852
Posted on 2007-7-11 16:47:50
No idea what it is.... but it's definitely nothing good; a random 8-character alphanumeric name...
嘁。不稀罕~
Posted on 2007-7-11 19:09:29
Is System Restore infected?
nealee
Posted on 2007-7-12 17:29:59
Definitely nothing good; no legitimate program names itself with random digits and letters...
  OP, you'd better run a full disk scan...
菡萏逸香
OP | Posted on 2007-7-12 17:52:30

Thanks for the answers above :)

Still not resolved.

Now this thing showed up..
2007-07-11_193836.gif
九棒歪打
Posted on 2007-7-12 19:26:18
If the cleanup assistant can detect it, it should be able to delete it.
菡萏逸香
OP | Posted on 2007-7-12 20:11:41

Experts, please take a look :))

日志文件: 趋势科技 HijackThis v2.0.0 (BETA)
保存时间: 20:10:41, on 2007-7-12
操作系统: Windows 2000 SP4 (WinNT 5.00.2195)
启动模式: 正常

正在运行的进程:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
D:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\A 实用工具\恶意软件清理助手\Trend Micro HijackThis 2.0.0 汉化版\ha_hijackthisv2_pp\HA_HijackThisv2_PP\HiJackThis_v2.exe

O3 - 工具栏: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKUS\.DEFAULT\..\Run: [Internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor]  (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - 扩展右键菜单项: &使用快车(FlashGet)下载 - D:\A 实用工具\下载工具\FlashGet182\jc_link.htm
O8 - 扩展右键菜单项: &使用快车(FlashGet)下载全部链接 - D:\A 实用工具\下载工具\FlashGet182\jc_all.htm
O8 - 扩展右键菜单项: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - 扩展右键菜单项: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: 快车 - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\A 实用工具\下载工具\FlashGet182\flashget.exe
O9 - Extra 'Tools' menuitem: 快车(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\A 实用工具\下载工具\FlashGet182\flashget.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{25398938-892F-4AF8-9D4B-5C9B9C623CDC}: NameServer = 202.106.0.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{25398938-892F-4AF8-9D4B-5C9B9C623CDC}: NameServer = 202.106.0.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{25398938-892F-4AF8-9D4B-5C9B9C623CDC}: NameServer = 202.106.0.20
O21 - SSODL: DVDBurn - {790448C3-4239-45AF-C98B-367991A8B103} - (没有文件)
O22 - SharedTaskScheduler: Browseui 预加载程序 - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: 组件类别缓存程序 - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: kavsvc - Steganos GmbH - C:\Program Files\Steganos AntiVirus 2006\kavsvc.exe
O23 - Service: ll_reg - Unknown owner - Rundll32.exe (file missing)
O23 - Service: NetMeeting Remote Desktop (RPC) Sharing - Unknown owner - Rundll32.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - D:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Network Provisioning Stop (xmlpro) - Unknown owner - C:\WINNT\system32\Lysvr.exe

--
文件结束 - 3926 字节


-------------------------------------------

Thanks in advance, everyone!!!

I'm a long-time newbie... (sob)
菡萏逸香
OP | Posted on 2007-7-12 20:29:16
2007-07-12,20:27:37

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\System32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll>  [Anti-Malware Development a.s.]
    <{0CD68AC9-FF63-3E61-626B-B663E62F6236}><>  [N/A]
    <{36CD708B-6077-4C02-9377-D73EAA495A0F}><C:\WINNT\WinHttp.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <DVDBurn><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer 访问><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express 访问><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\mplayer2.inf,PerUserStub.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    <CRLUpdate><%SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmxpbpl.exe]
    <IFEO[cmxpbpl.exe]><NoVirus>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cyqttve.exe]
    <IFEO[cyqttve.exe]><NoVirus>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dmecvcm.exe]
    <IFEO[dmecvcm.exe]><NoVirus>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dtstorp.exe]
    <IFEO[dtstorp.exe]><NoVirus>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egclmvo.exe]
    <IFEO[egclmvo.exe]><NoVirus>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gnkjkrl.exe]
    <IFEO[gnkjkrl.exe]><NoVirus>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\haqeyfy.exe]
    <IFEO[haqeyfy.exe]><NoVirus>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iywdqdf.exe]
    <IFEO[iywdqdf.exe]><NoVirus>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kocmbcd.exe]
    <IFEO[kocmbcd.exe]><NoVirus>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnmwiid.exe]
    <IFEO[lnmwiid.exe]><NoVirus>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\meex.com]
    <IFEO[meex.com]><NoVirus>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nqgphqd.exe]
    <IFEO[nqgphqd.exe]><NoVirus>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oduxyym.exe]
    <IFEO[oduxyym.exe]><NoVirus>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ouvjwsc.exe]
    <IFEO[ouvjwsc.exe]><NoVirus>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rmwaccq.exe]
    <IFEO[rmwaccq.exe]><NoVirus>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\suvtufx.exe]
    <IFEO[suvtufx.exe]><NoVirus>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udnnnvq.exe]
    <IFEO[udnnnvq.exe]><NoVirus>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vlskjgs.exe]
    <IFEO[vlskjgs.exe]><NoVirus>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wocfiba.exe]
    <IFEO[wocfiba.exe]><NoVirus>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wojhadp.exe]
    <IFEO[wojhadp.exe]><NoVirus>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINNT\system32\sspipes.scr>  [(Verified)Microsoft Windows 2000 Publisher]

==================================
启动文件夹
[Kaspersky Anti-Hacker]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Kaspersky Anti-Hacker.lnk --> C:\PROGRA~1\KASPER~1\KASPER~2\KAVPF.exe [Kaspersky Lab]><N>

==================================
服务
[438F4BE6 / 438F4BE6][Stopped/Auto Start]
  <C:\WINNT\system32\9A313E6B.EXE -k><Microsoft Corporation>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard][Running/Auto Start]
  <C:\Program Files\ewido anti-spyware 4.0\guard.exe><Anti-Malware Development a.s.>
[kavsvc / kavsvc][Running/Manual Start]
  <"C:\Program Files\Steganos AntiVirus 2006\kavsvc.exe"><Steganos GmbH>
[ll_reg / ll_reg][Stopped/Auto Start]
  <Rundll32.exe Task688.dll ondll_server><Microsoft Corporation>
[NetMeeting Remote Desktop (RPC) Sharing / NetMeeting Remote Desktop (RPC) Sharing][Stopped/Auto Start]
  <Rundll32.exe Task688.dll ondll_server><Microsoft Corporation>
[PC Tools Spyware Doctor / SDhelper][Running/Auto Start]
  <D:\Program Files\Spyware Doctor\sdhelp.exe><PC Tools Research Pty Ltd>
[VKTServ / VKTServ][Stopped/Auto Start]
  <><N/A>
[Network Provisioning Stop / xmlpro][Stopped/Auto Start]
  <C:\WINNT\system32\Lysvr.exe -run><N/A>

==================================
驱动程序
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ewido anti-spyware 4.0 driver / ewido anti-spyware 4.0 driver][Running/System Start]
  <\??\C:\Program Files\ewido anti-spyware 4.0\guard.sys><N/A>
[i81x / i81x][Running/Manual Start]
  <System32\DRIVERS\i81xnt5.sys><Intel Corporation>
[File Security Kernel Anti-Spyware Driver / ikhfile][Running/System Start]
  <system32\drivers\ikhfile.sys><PCTools Research Pty Ltd.>
[Kernel Anti-Spyware Driver / ikhlayer][Running/System Start]
  <system32\drivers\ikhlayer.sys><PCTools Research Pty Ltd.>
[Kl1 / Kl1][Running/Boot Start]
  <\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
[Klif / Klif][Running/System Start]
  <System32\drivers\klif.sys><Kaspersky Labs>
[Klmc / Klmc][Running/System Start]
  <System32\drivers\klmc.sys><Kaspersky Lab>
[Klpf / Klpf][Running/Boot Start]
  <\SystemRoot\System32\drivers\Klpf.sys><KL>
[Klpid / Klpid][Running/Boot Start]
  <\SystemRoot\System32\drivers\Klpid.sys><KL>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\DRIVERS\npf.sys><CACE Technologies>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[WAN Miniport (PPP over Ethernet Protocol) / RMSPPPOE][Running/Manual Start]
  <System32\DRIVERS\RMSPPPOE.SYS><Robert Schlabbach>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Spy Emergency Driver / SpyEmrg][Stopped/System Start]
  <System32\Drivers\spyemrg.sys><N/A>
[TNE0260 Data Broadcasting Adapter / TNE0260][Running/Manual Start]
  <System32\DRIVERS\TNE0260.sys><Tsinghua Novel Corporation>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Labs>

==================================
浏览器加载项
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[PCTools Browser Monitor]
  {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} <, N/A>
[快车]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\A 实用工具\下载工具\FlashGet182\flashget.exe, FlashGet.com>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\System32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[FGCatchUrl]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <, N/A>
[&使用快车(FlashGet)下载]
  <D:\A 实用工具\下载工具\FlashGet182\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
  <D:\A 实用工具\下载工具\FlashGet182\jc_all.htm, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>

==================================
正在运行的进程
[PID: 188][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 216][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\2F58038F.DLL]  [N/A, ]
    [D:\Program Files\Spyware Doctor\tools\swpg.dat]  [PC Tools, 3.6.0.2080]
[PID: 212][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
    [C:\WINNT\system32\2F58038F.DLL]  [N/A, ]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [D:\Program Files\Spyware Doctor\tools\swpg.dat]  [PC Tools, 3.6.0.2080]
[PID: 264][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
    [C:\WINNT\system32\2F58038F.DLL]  [N/A, ]
    [D:\Program Files\Spyware Doctor\tools\swpg.dat]  [PC Tools, 3.6.0.2080]
[PID: 276][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
    [C:\WINNT\system32\2F58038F.DLL]  [N/A, ]
    [D:\Program Files\Spyware Doctor\tools\swpg.dat]  [PC Tools, 3.6.0.2080]
[PID: 452][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\2F58038F.DLL]  [N/A, ]
    [D:\Program Files\Spyware Doctor\tools\swpg.dat]  [PC Tools, 3.6.0.2080]
[PID: 476][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7013]
    [C:\WINNT\system32\2F58038F.DLL]  [N/A, ]
    [D:\Program Files\Spyware Doctor\tools\swpg.dat]  [PC Tools, 3.6.0.2080]
[PID: 524][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\2F58038F.DLL]  [N/A, ]
    [D:\Program Files\Spyware Doctor\tools\swpg.dat]  [PC Tools, 3.6.0.2080]
    [C:\WINNT\System32\unimdm.tsp]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\System32\kmddsp.tsp]  [Microsoft Corporation, 5.00.2150.1]
    [C:\WINNT\System32\ndptsp.tsp]  [Microsoft Corporation, 5.00.2143.1]
    [C:\WINNT\System32\ipconf.tsp]  [Microsoft Corporation, 5.00.2143.1]
    [C:\WINNT\System32\h323.tsp]  [Microsoft Corporation, 5.00.2195.6901]
[PID: 544][C:\Program Files\ewido anti-spyware 4.0\guard.exe]  [Anti-Malware Development a.s., 4, 0, 0, 172]
    [C:\Program Files\ewido anti-spyware 4.0\engine.dll]  [Anti-Malware Development a.s., 4, 0, 0, 172]
    [C:\WINNT\system32\2F58038F.DLL]  [N/A, ]
    [D:\Program Files\Spyware Doctor\tools\swpg.dat]  [PC Tools, 3.6.0.2080]
[PID: 792][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\AppPatch\AcLayers.DLL]  [Microsoft Corporation, 5.00.2195.6717]
    [C:\WINNT\system32\2F58038F.DLL]  [N/A, ]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [D:\Program Files\Spyware Doctor\tools\swpg.dat]  [PC Tools, 3.6.0.2080]
    [C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll]  [Anti-Malware Development a.s., 4, 0, 0, 172]
    [C:\Program Files\Steganos AntiVirus 2006\scrchpg.dll]  [Steganos GmbH, 5.0.1.18]
    [C:\Program Files\Steganos AntiVirus 2006\scrch_ag.dll]  [Steganos GmbH, 8.5.0.1]
    [C:\Program Files\Steganos AntiVirus 2006\FSSync.dll]  [Steganos GmbH, 8.5.0.0]
    [C:\Program Files\Steganos AntiVirus 2006\pr_rmt.dll]  [Steganos GmbH, 8.5.0.390]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\Steganos AntiVirus 2006\ccclient.dll]  [Steganos GmbH, 8.5.0.1]
    [C:\Program Files\Steganos AntiVirus 2006\klipc.dll]  [Steganos GmbH, 8.5.0.390]
    [C:\Program Files\Steganos AntiVirus 2006\KLUtil.dll]  [Steganos GmbH, 8.5.0.1]
    [C:\Program Files\Steganos AntiVirus 2006\rpt.dll]  [Steganos GmbH, 8.5.0.2]
    [C:\Program Files\Steganos AntiVirus 2006\CCIFACE.dll]  [Steganos GmbH, 8.5.0.1]
    [C:\Program Files\Steganos AntiVirus 2006\prloader.dll]  [Steganos GmbH, 8.5.0.390]
    [C:\Program Files\Steganos AntiVirus 2006\prkernel.ppl]  [Kaspersky Lab, 5.0.390.0]
    [c:\program files\steganos antivirus 2006\prstring.ppl]  [Kaspersky Lab, 5.0.390.0]
    [c:\program files\steganos antivirus 2006\pr_srv.ppl]  [Kaspersky Lab, 5.0.390.0]
    [c:\program files\steganos antivirus 2006\pr_clnt.ppl]  [Kaspersky Lab, 5.0.390.0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [D:\Program Files\Spy Emergency 2006\SpyEmergencyExt.dll]  [NETGATE Technologies s.r.o., 3, 0, 325, 0]
    [C:\Program Files\Steganos AntiVirus 2006\shellex.dll]  [Steganos GmbH, 8.5.0.1]
    [C:\Program Files\ewido anti-spyware 4.0\context.dll]  [Anti-Malware Development a.s., 4, 0, 0, 172]
[PID: 880][C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe]  [Kaspersky Lab, 1.9.0.37]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\BCGCB59.dll]  [BCGSoft Ltd, 5, 84, 0, 0]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\perfiloc.dll]  [Kaspersky 实验室, 1.5.0.0]
    [D:\Program Files\Spyware Doctor\tools\swpg.dat]  [PC Tools, 3.6.0.2080]
[PID: 304][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
    [D:\Program Files\Spyware Doctor\tools\swpg.dat]  [PC Tools, 3.6.0.2080]
[PID: 952][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6972]
    [D:\Program Files\Spyware Doctor\tools\swpg.dat]  [PC Tools, 3.6.0.2080]
[PID: 956][D:\Program Files\Spyware Doctor\sdhelp.exe]  [PC Tools Research Pty Ltd, 3.6.0.2026]
    [D:\Program Files\Spyware Doctor\tools\swpg.dat]  [PC Tools, 3.6.0.2080]
[PID: 1024][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
    [D:\Program Files\Spyware Doctor\tools\swpg.dat]  [PC Tools, 3.6.0.2080]
[PID: 1132][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [D:\Program Files\Spyware Doctor\tools\swpg.dat]  [PC Tools, 3.6.0.2080]
[PID: 1732][D:\A 实用工具\系统设置\System Repair Engineer 2.5.16.900\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [D:\Program Files\Spyware Doctor\tools\swpg.dat]  [PC Tools, 3.6.0.2080]
    [D:\A 实用工具\系统设置\System Repair Engineer 2.5.16.900\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 202.100.96.68
127.0.0.1 202.96.64.84

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 544, C:\PROGRAM FILES\EWIDO ANTI-SPYWARE 4.0\GUARD.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 544, C:\PROGRAM FILES\EWIDO ANTI-SPYWARE 4.0\GUARD.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 880, C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-HACKER\KAVPF.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 880, C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-HACKER\KAVPF.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 880, C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-HACKER\KAVPF.EXE]

==================================
API HOOK
RVA  错误: LoadLibraryA (危险等级: 高,  被下面模块所HOOK: \SystemRoot\System32\drivers\klif.sys)
RVA  错误: LoadLibraryExA (危险等级: 高,  被下面模块所HOOK: \SystemRoot\System32\drivers\klif.sys)
RVA  错误: LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: \SystemRoot\System32\drivers\klif.sys)
RVA  错误: LoadLibraryW (危险等级: 高,  被下面模块所HOOK: \SystemRoot\System32\drivers\klif.sys)
入口点错误:FreeLibrary (危险等级: 高,  被下面模块所HOOK: 0x5F00000B)

==================================
隐藏进程
    [1517] C:\Program Files\Steganos AntiVirus 2006\kav.exe
    [1533] C:\Program Files\Steganos AntiVirus 2006\kavsvc.exe

==================================
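An added example, not part of this thread and not code from SREng or HijackThis: a small Python scanner that applies the indicators the replies above point at (a random 8-character hex name for a service and its binary, the IFEO "Debugger" entries, a service hosted by rundll32 with a bare DLL name, an unsigned hex-named DLL loaded into system processes, and HOSTS entries that blackhole hosts to 127.0.0.1) to an SREng-style log. The sample lines embedded in the block are copied from the log in this post plus one benign `localhost` entry; the regexes, category names and the `scan_log` function are this example's own choices.

```python
"""Heuristic scan of an SREng-style startup/service/process log.

Added example, not part of this thread or of SREng/HijackThis. The regexes
and category names are this example's own (assumptions), modelled on the
line shapes visible in the log above.
"""
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (category, offending log line)

# 8 hex characters followed by .exe/.dll as a path component (e.g. 9A313E6B.EXE).
HEX_BASENAME = re.compile(r'(?:^|[\\/])[0-9A-Fa-f]{8}\.(?:exe|dll)\b', re.IGNORECASE)
# SREng service/driver header: [Display name / service name][State/Start type]
SERVICE_HEADER = re.compile(r'^\[([^\]]*?) / ([^\]]*?)\]\[[^\]]+\]\s*$')
# Image line that follows a service header: <image path and args><vendor>
IMAGE_LINE = re.compile(r'^\s+<([^<>]*)><([^<>]*)>\s*$')
# IFEO value as SREng prints it: <IFEO[target.exe]><debugger>
IFEO_LINE = re.compile(r'<IFEO\[([^\]]+)\]><([^<>]*)>')
# Module loaded in a process: [path]  [vendor, version] (indented under a PID line)
MODULE_LINE = re.compile(r'^\s+\[([^\]]+)\]\s+\[([^,\]]*),\s*([^\]]*)\]\s*$')
# HOSTS file line that maps a name to 127.0.0.1
HOSTS_LINE = re.compile(r'^\s*127\.0\.0\.1\s+(\S+)')

# Constructed sample: lines copied from the SREng log posted in this thread,
# plus one benign "localhost" HOSTS entry to show it is not flagged.
SAMPLE_LOG = r"""
服务
[438F4BE6 / 438F4BE6][Stopped/Auto Start]
  <C:\WINNT\system32\9A313E6B.EXE -k><Microsoft Corporation>
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard][Running/Auto Start]
  <C:\Program Files\ewido anti-spyware 4.0\guard.exe><Anti-Malware Development a.s.>
[ll_reg / ll_reg][Stopped/Auto Start]
  <Rundll32.exe Task688.dll ondll_server><Microsoft Corporation>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmxpbpl.exe]
    <IFEO[cmxpbpl.exe]><NoVirus>  [N/A]
[PID: 216][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\2F58038F.DLL]  [N/A, ]
HOSTS 文件
127.0.0.1 202.100.96.68
127.0.0.1 localhost
"""


def scan_log(text: str) -> List[Finding]:
    """Return (category, line) findings in log order."""
    findings: List[Finding] = []
    expect_image = False  # True right after a service/driver header line
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SERVICE_HEADER.match(line)
        if m:
            expect_image = True
            # Service (short) name made of exactly 8 hex digits, like 438F4BE6.
            if re.fullmatch(r'[0-9A-Fa-f]{8}', m.group(2)):
                findings.append(('hex-service-name', line.strip()))
            continue
        m = IMAGE_LINE.match(line)
        if m and expect_image:
            expect_image = False
            image = m.group(1)
            # The vendor string (m.group(2)) comes from the file's version
            # resource and is trivially forged, so it never clears a finding.
            if HEX_BASENAME.search(image):
                findings.append(('hex-service-image', line.strip()))
            if image.lower().startswith('rundll32.exe'):
                findings.append(('rundll32-service', line.strip()))
            continue
        expect_image = False
        m = IFEO_LINE.search(line)
        if m:
            # Any IFEO Debugger value silently redirects the named program.
            findings.append(('ifeo-debugger', line.strip()))
            continue
        m = MODULE_LINE.match(line)
        if m:
            path, vendor = m.group(1), m.group(2).strip()
            if HEX_BASENAME.search(path) and vendor in ('', 'N/A'):
                findings.append(('hex-module', line.strip()))
            continue
        m = HOSTS_LINE.match(line)
        if m and m.group(1).lower() not in ('localhost', 'localhost.localdomain'):
            findings.append(('hosts-blackhole', line.strip()))
    return findings


if __name__ == '__main__':
    for category, line in scan_log(SAMPLE_LOG):
        print(f'{category:18s} {line}')
```

Each finding is a lead to verify against the file on disk (hash, signature, creation time), not a verdict: the heuristics match the shape of the names, and the vendor column is deliberately ignored because the 9A313E6B.EXE entry above claims "Microsoft Corporation" while being unsigned and randomly named.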
qerqa
Posted on 2007-7-12 23:41:00
AV
KaFan Forum (卡饭论坛) | Copyright © KaFan KaFan.cn All Rights Reserved.