求助木马程序 Trojan-Downloader.VBS.Small.bo

hflcat

C:\WINNT\media\wmi.vbs
C:\WINNT\media\yes.bat
C:\WINNT\media\s.exe
已检测到: 风险软件 Hidden object 运行进程: C:\WINNT\MediA\auto

用冰刃删除后重启又出现，求解决方法

wangjay1980

扫个报告看看

hflcat

各位高手：
非常感谢您留心我这份系统诊断报告，小菜鸟十万火急等待您的帮助！
该诊断报告由360安全卫士提供 http://www.360safe.com
诊断时间: 2007-03-15  18:08:59
诊断平台: Microsoft Windows 2000  Service Pack 4
IE版本: Internet Explorer V6.0.2800.1106 Build:62800.1106
计算机物理内存:1023MB - 当前可用内存:744MB
100 - 未知 - Process: smss.exe [] - C:\WINNT\HELP\SMSS.EXE
100 - 未知 - Process: avgas.exe [AVG Anti-Spyware] - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
100 - 未知 - Process: iexplore.exe [Internet Explorer] - C:\Documents and Settings\y\桌面\iexplore.exe
O8 - 未知 - Extra context menu item: 上传到QQ网络硬盘 - E:\Program Files\QQ\AddToNetDisk.htm
O8 - 未知 - Extra context menu item: 添加到QQ自定义面板 - E:\Program Files\QQ\AddPanel.htm
O8 - 未知 - Extra context menu item: 添加到QQ表情 - E:\Program Files\QQ\AddEmotion.htm
O8 - 未知 - Extra context menu item: 用QQ彩信发送该图片 - E:\Program Files\QQ\SendMMS.htm
O9 - 未知 - Extra button: 浩方对战平台(HKLM) - E:\Program Files\浩方对战平台\GameClient.exe
O9 - 未知 - Extra button: 腾讯QQ(HKLM) - E:\Program Files\QQ\QQ.EXE
O9 - 未知 - Extra button: FlashGet(HKLM) - C:\PROGRA~1\FLASHGET\flashget.exe
O16 - 未知 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - [url=http://www.kaspersky.com.cn/webscanner/kavwebscan_unicode.cabhttp://www.kaspersky.com.cn/webscanner/kavwebscan_unicode.cab[/color[/url]]
O16 - 未知 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - [url=https://img.alipay.com/download/aliedit.cabhttps://img.alipay.com/download/aliedit.cab[/color[/url]]
O23 - 未知 - Service: AeLookupSvc [在应用程序启动时为应用程序处理应用程序兼容性缓存请求] - C:\WINNT\MediA\auto - (not running)
O23 - 未知 - Service: AVG Anti-Spyware Guard [AVG Anti-Spyware Guard] - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe - (not running)
O23 - 未知 - Service: AVP [保护计算机远离病毒和间谍软件的威胁。] - "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r - (running)
O23 - 未知 - Service: IPRIP [通知所选用户和计算机有关系统管理级警报。如果服务停止，使用管理警报的程序将不会受到它们。如果此服务被禁用，任何直接依赖它的服务都将不能启动。] - C:\WINNT\system32\acss.dll - (starting)
O23 - 未知 - Service: SNMP Trap Service [收集由本地或远程SNMP客户端生成的信息，并将其转发给这台计算机上运行的SNMP管理程序。] - C:\WINNT\system32\spool\wumian - (not running)
=======================================
100 - 安全 - Process: smss.exe [该进程为会话管理子系统用以初始化系统变量，ms-dos驱动名称类似lpt1以及com，调用win32壳子系统和运行在windows登陆过程。] - C:\WINNT\System32\smss.exe
100 - 安全 - Process: csrss.exe [客户端服务子系统，用以控制windows图形相关子系统。] - C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=ba
100 - 安全 - Process: WINLOGON.EXE [windows nt用户登陆程序。] - C:\WINNT\system32\winlogon.exe
100 - 安全 - Process: SERVICES.EXE [用于管理windows服务系统进程。] - C:\WINNT\system32\services.exe
100 - 安全 - Process: LSASS.EXE [本地安全权限服务控制windows安全机制。] - C:\WINNT\system32\lsass.exe
100 - 安全 - Process: ati2evxx.exe [ati显卡相关后台程序。] - C:\WINNT\system32\Ati2evxx.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINNT\system32\svchost -k rpcss
100 - 安全 - Process: spoolsv.exe [windows打印任务控制程序，用以打印机就绪。] - C:\WINNT\system32\spoolsv.exe
100 - 安全 - Process: avp.exe [卡巴斯基杀毒软件相关程序。] -
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINNT\system32\svchost.exe -k netsvcs
100 - 安全 - Process: mstask.exe [windows计划任务用于设定继承在什么时间或者什么日期备份或者运行。] - C:\WINNT\system32\MSTask.exe
100 - 安全 - Process: winmgmt.exe [windows management service透过windows management instrumentation data (wmi)技术处理来自应用客户端的请求。] - C:\WINNT\System32\WBEM\WinMgmt.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINNT\system32\svchost.exe -k wugroup
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINNT\system32\svchost.exe -k BITSgroup
100 - 安全 - Process: ati2evxx.exe [ati显卡相关后台程序。] - C:\WINNT\system32\Ati2evxx.exe
100 - 安全 - Process: explorer.exe [windows program manager或者windows explorer用于控制windows图形shell，包括开始菜单、任务栏，桌面和文件管理。] - C:\WINNT\Explorer.EXE
100 - 安全 - Process: conime.exe [console ime ime输入法控制台软件。] - C:\WINNT\system32\conime.exe
100 - 安全 - Process: SOUNDMAN.EXE [一个软声卡控制台软件。] - C:\WINNT\SOUNDMAN.EXE
100 - 安全 - Process: atiptaxx.exe [ati显卡相关工具软件。] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
100 - 安全 - Process: realsched.exe [realone播放器安装时附带的升级提醒程序。] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
100 - 安全 - Process: avp.exe [卡巴斯基杀毒软件相关程序。] -
100 - 安全 - Process: HNMainUI.exe [adsl宽带拨号王软件。] - C:\Program Files\HelloNet\HNMainUI.exe
100 - 安全 - Process: 360Safe.exe [360安全卫士] - E:\Program Files\360safe\360Safe.exe
R1 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=about:blank
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=about:blank
O2 - 安全 - BHO: (浏览器辅助对象(BHO)) - [网际快车IE模块。] - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
O3 - 安全 - Toolbar: (@msdxmLC.dll,-1@2052,电台(&R)) - [是Windows Media Player播放器ActiveX控制相关文件。] - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - 安全 - Toolbar: (BitComet工具栏) - [bitcomet工具栏] - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - e:\Program Files\BitComet\BitCometBar\BitCometBar0.6.dll
O4 - 安全 - HKLM\..\Run: [Synchronization Manager] [资料同步管理器] mobsync.exe /logon
O4 - 安全 - HKLM\..\Run: [SoundMan] [Realtek声卡相关程序。] SOUNDMAN.EXE
O4 - 安全 - HKLM\..\Run: [ATIPTA] [ati显卡驱动的系统托盘图标，可调节显卡属性] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - 安全 - HKLM\..\Run: [TkBellExe] [是Real Networks产品定时升级检测程序。] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 安全 - HKLM\..\Run: [StormCodec_Helper] [是暴风影音的插件。] ; "D:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - 安全 - HKLM\..\Run: [kav] [卡巴斯基杀毒软件相关程序。] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - 安全 - HKLM\..\Run: [!AVG Anti-Spyware] [一款杀毒软件AVG的相关启动程序。] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - 安全 - HKCU\..\Run: [ctfmon.exe] [office xp输入法图标。] ctfmon.exe
O4 - 安全 - Startup folder: [ADSL拨号王.lnk] [一款adsl拨号软件。] C:\Documents and Settings\y\「开始」菜单\程序\启动\ADSL拨号王.lnk
O8 - 安全 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - 安全 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O9 - 安全 - Extra button: 卡巴斯基Web反病毒保护插件(HKLM) - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O16 - 安全 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (招商银行个人版) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - 安全 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (中国工商银行个人银行) - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab
O16 - 安全 - DPF: {ACFE8232-03C5-4AEC-AF5E-42B806724096} (金山毒霸检疫站) - http://scan.kingsoft.com/scan/fangyi/KAllScan.CAB
O16 - 安全 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Flash播放器) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - 安全 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (瑞星免费在线查毒插件) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O23 - 安全 - Service: Ati HotKey Poller [是ATI显示卡增强工具。] - C:\WINNT\system32\Ati2evxx.exe - (running)
O23 - 安全 - Service: Fax [微软Microsoft传真服务相关程序，该服务允许用户创建和发送传真到微软Office组件中。] - C:\WINNT\system32\faxsvc.exe - (not running)
=======================================
O40 - winlogon.exe - Kaspersky Lab - C:\WINNT\system32\klogon.dll - Logon Visualizer - 7072750eb5c0f0cd54b48f972855ca61
O40 - Explorer.EXE - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll - Script Checker - c15736f474624083153ee37826a4001b
O40 - Explorer.EXE - Anti-Malware Development a.s. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll - AVG Anti-Spyware shellexecutehook - 4c7f099b3ffde9805ae290de3e593397
O40 - Explorer.EXE - Adobe Systems, Inc. - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll - PDF Shell Extension - 4b0991cd076b617a2231b19a6663c1c9
=======================================
O41 - AVG Anti-Spyware Driver - AVG Anti-Spyware Driver - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys - (running) -  -  - 7d78b7fd0ebe00f177b053a08c78e35b
O41 - AvgAsCln - AVG7 Clean Driver - C:\WINNT\system32\drivers\AvgAsCln.sys - (running) - AVG7 Clean Driver - GRISOFT, s.r.o. - 6d4a1da6e6d522b3ebbcbff4a3589ec5
O41 - BRPPPOE - BRPPPOE - C:\WINNT\system32\drivers\brpppoe.sys - (running) -  -  - 81a12781b03ec5dea19e7853c0969fb9
O41 - IdeBusDr - Intel Application Accelerator Driver - C:\WINNT\system32\drivers\IdeBusDr.sys - (running) - Intel Application Accelerator Driver - Intel Corporation - 791f0829de88dd0ca77192f0dfad03b6
O41 - IdeChnDr - Intel Application Accelerator Driver - C:\WINNT\system32\drivers\IdeChnDr.sys - (running) - Intel Application Accelerator Driver - Intel Corporation - 7d2b8be9e89628663c1fb571f7c34062
O41 - kl1 - Kaspersky Unified Driver - C:\WINNT\system32\drivers\kl1.sys - (running) - Kaspersky Unified Driver - Kaspersky Lab - 5445b03cd42dedf5f85b9daf712fdd09
O41 - klif - spuper-ptor - C:\WINNT\system32\drivers\klif.sys - (running) - spuper-ptor - Kaspersky Lab - 2985985b39e13643f941b6396fb915dd
O41 - npkcrypt - nProtect KeyCrypt Driver - E:\Program Files\QQ\npkcrypt.sys - (running) - nProtect KeyCrypt Driver - INCA Internet Co., Ltd. - 8bcb281a2540e7aff0cd00f9878fe21f
O41 - PfModNT - PCI/ISA Device Info. Service - C:\WINNT\system32\PfModNT.sys - (running) - PCI/ISA Device Info. Service - Creative Technology Ltd. - 2f5532f9b0f903b26847da674b4f55b2
O41 - SVKP - SVKP driver for NT - C:\WINNT\system32\SVKP.sys - (running) - SVKP driver for NT - AntiCracking - f05028b163b92c302a74409d683ac9b0
O41 - cwrwdm - Crystal PCI WDM Audio Driver - C:\WINNT\system32\drivers\cwrwdm.sys - (not running) - Crystal PCI WDM Audio Driver - Cirrus Logic Inc. - 9332b49d6bdb0eca3f0edaeae120243b
O41 - gameenum - gameenum - C:\WINNT\system32\DRIVERS\gameenum.sys - (not running) -  -  -
O41 - TSP - spuper-ptor - C:\WINNT\system32\drivers\klif.sys - (not running) - spuper-ptor - Kaspersky Lab - 2985985b39e13643f941b6396fb915dd
O41 - xBlock3 - xBlock3 - C:\WINNT\system32\Drivers\xBlock3.sys - (not running) -  -  -
O41 - xProc - xProc - C:\WINNT\system32\Drivers\xProc.sys - (not running) -  -  -
=======================================
360Safe.exe=3.2.0.1001
AntiAdwa.dll=3.2.0.1001
AntiEng.dll=3.0.2.2000
AntiActi.dll=2.0.0.3000
CleanHis.dll=3.0.2.1000
safelive.exe=1.0.0.2007
live.dll=1.0.0.1011
=======================================
操作历史报告：
----------查杀恶意软件历史----------
2006-10-20 22:25
查杀恶意软件 - LinkMedia - 危险 - C:\WINNT\system32\ACSs.dll
2006-10-20 23:7
查杀恶意软件 - 迷你PP - 安全 -
查杀恶意软件 - LinkMedia - 危险 -
2006-12-04 19:33
查杀恶意软件 - 网络实名 - 危险 -
查杀恶意软件 - 雅虎助手&上网助手 - 危险 -
2006-12-05 18:52
查杀恶意软件 - 网际快车附带的工具栏 - 安全 -
查杀恶意软件 - Adobe Reader附带的BHO插件 - 安全 -
2006-12-22 18:40
查杀恶意软件 - adx广告 - 危险 - C:\WINNT\PIF
2007-01-18 17:53
查杀恶意软件 - OKTE搜索工具条 - 危险 - C:\WINNT\system32\YingInstall
2007-01-26 19:26
查杀恶意软件 - BitComet下载组件 - 安全 -
2007-03-06 18:27
查杀恶意软件 - 伪Windows XP Vista - 危险 -
2007-03-08 17:58
查杀恶意软件 - 网络实名 - 危险 -

----------插件卸载操作历史----------
2006-10-20 23:04
插件管理 - 迷你PP - C:\WINNT\system32\THUNDE~1.DLL
插件管理 - LinkMedia - C:\WINNT\system32\ACSs.dll
2006-10-20 23:05
插件管理 - 迅雷下载组件 -
插件管理 - LinkMedia - C:\WINNT\system32\ACSs.dll
插件管理 - SafeHelper11 Module - C:\WINNT\system32\SafeHelper12.dll
2006-10-25 18:40
插件管理 - 腾讯QQ附带的QQIEHelper插件 -
2006-10-25 18:40
插件管理 - Adobe Reader附带的BHO插件 - C:\PROGRA~1\Adobe\ACROBA~1.0\ActiveX\ACROIE~1.DLL
2006-12-04 19:57
插件管理 - 网际快车附带的工具栏 - C:\PROGRA~1\FLASHGET\fgiebar.dll
插件管理 - 腾讯QQ附带的QQIEHelper插件 -
2006-12-09 10:16
插件管理 - 腾讯QQ附带的QQIEHelper插件 -
2007-01-26 19:17
插件管理 - BitComet下载组件 - e:\PROGRA~1\BitComet\tools\BITCOM~2.DLL
2007-03-08 17:58
插件管理 - 新浪UC - C:\Documents and Settings\y\「开始」菜单\程序\新浪UC
----------全面诊断修复历史----------
2006-10-20 22:42
O23 - 未知 - GrayPigeonServer1.23 - C:\WINNT\G_Server1.23.exe
O23 - 未知 - GrayPigeon_Hacker.com.cn - C:\WINNT\Hacker.com.cn.exe
O23 - 未知 - IPRIP - C:\WINNT\system32\acss.dll
O23 - 未知 - Nwsapagent -
O23 - 未知 - Windows XP Vista - C:\WINNT\Hacker.com.cn.ini
2006-10-21 01:51
O23 - 未知 - GrayPigeonServer1.23 - C:\WINNT\G_Server1.23.exe
O23 - 未知 - GrayPigeon_Hacker.com.cn - C:\WINNT\Hacker.com.cn.exe
O23 - 未知 - Windows XP Vista - C:\WINNT\Hacker.com.cn.ini
2006-10-21 10:15
100 - 未知 - IEXPLORE.EXE -
2006-10-21 10:15
100 - 未知 - SecBkSrv.exe -
2006-10-21 10:15
O6 - 未知 - 禁止IE相关功能 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions
2006-10-25 18:41
R0 - 未知 - IE搜索页 - HKLM\Software\Microsoft\Internet Explorer\Main
2006-12-04 19:33
O4 - 危险 - svchost.exe - C:\Documents and Settings\All Users\「开始」菜单\程序\启动\svchost.exe
2006-12-08 22:16
O4 - 危险 - svchost.exe - C:\Documents and Settings\All Users\「开始」菜单\程序\启动\svchost.exe
2006-12-09 10:18
O23 - 未知 - IPRIP - C:\WINNT\system32\acss.dll
2006-12-10 17:47
O4 - 危险 - svchost.exe - C:\Documents and Settings\All Users\「开始」菜单\程序\启动\svchost.exe
2006-12-19 21:28
O4 - 危险 - svchost.exe - C:\Documents and Settings\All Users\「开始」菜单\程序\启动\svchost.exe
2006-12-21 18:00
O4 - 危险 - svchost.exe - C:\Documents and Settings\All Users\「开始」菜单\程序\启动\svchost.exe
2007-01-12 17:45
O8 - 未知 - &使用BitComet下载 - res://E:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - 未知 - &使用BitComet下载全部链接 - res://E:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - 未知 - &使用BitComet下载本页视频 - res://E:\Program Files\BitComet\BitComet.exe/AddVideo.htm
2007-01-12 17:45
O8 - 未知 - 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - 未知 - 添加到QQ自定义面板 - E:\Program Files\QQ\AddPanel.htm
O8 - 未知 - 添加到QQ表情 - E:\Program Files\QQ\AddEmotion.htm
O8 - 未知 - 用QQ彩信发送该图片 - E:\Program Files\QQ\SendMMS.htm
----------修复IE浏览器操作历史----------
2006-10-26 18:28
R0 - 危险 - IE搜索页 - HKCU\Software\Microsoft\Internet Explorer\Main
R1 - 危险 - IE起始页的默认页 - HKCU\Software\Microsoft\Internet Explorer\Main

hflcat

1. 2007-03-15,18:57:46
   
2. System Repair Engineer 2.4.12.806
   
3. Smallfrogs (http://www.KZTechs.com)
   
4. Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能
   
5. 以下内容被选中：
   
6.     所有的启动项目（包括注册表、启动文件夹、服务等）
   
7.     浏览器加载项
   
8.     正在运行的进程（包括进程模块信息）
   
9.     文件关联
   
10.     Winsock 提供者
    
11.     Autorun.inf
    
12.     HOSTS 文件
    
13. 
    
14. 启动项目
    
15. 注册表
    
16. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    
17.     <ctfmon.exe><ctfmon.exe>  [N/A]
    
18. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    
19.     <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    
20.     <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    
21.     <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    
22.     <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    
23.     <StormCodec_Helper><; "D:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A]
    
24.     <kav><"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
    
25.     <!AVG Anti-Spyware><"D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized>  [Anti-Malware Development a.s.]
    
26. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    
27.     <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    
28.     <Userinit><C:\WINNT\system32\UserInit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
    
29. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    
30.     <{B8A170A8-7AD3-4678-B2FE-F2D7381CC1B5}><C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys>  []
    
31.     <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [Anti-Malware Development a.s.]
    
32. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    
33.     <WinlogonNotify: klogon><C:\WINNT\system32\klogon.dll>  [Kaspersky Lab]
    
34. ==================================
    
35. 启动文件夹
    
36. [ADSL拨号王]
    
37.   <C:\Documents and Settings\y\「开始」菜单\程序\启动\ADSL拨号王.lnk --> C:\PROGRA~1\HelloNet\HelloNet.exe [HelloNet]><N>
    
38. ==================================
    
39. 服务
    
40. [Application Experience / AeLookupSvc][Stopped/Auto Start]
    
41.   <C:\WINNT\MediA\auto><N/A>
    
42. [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
    
43.   <C:\WINNT\system32\Ati2evxx.exe><ATI Technologies Inc.>
    
44. [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Stopped/Auto Start]
    
45.   <d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
    
46. [卡巴斯基反病毒6.0 / AVP][Running/Auto Start]
    
47.   <"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
    
48. [Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
    
49.   <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
    
50. [Spectrum24 Events Monitor / IPRIP][Others/Auto Start]
    
51.   <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\acss.dll><N/A>
    
52. [SNMP Trap Service / SNMP Trap Service][Stopped/Auto Start]
    
53.   <C:\WINNT\system32\spool\wumian><N/A>
    
54. ==================================
    
55. 驱动程序
    
56. [Service for WDM 3D Audio Driver / ALCXSENS][Stopped/Manual Start]
    
57.   <system32\drivers\ALCXSENS.SYS><Sensaura>
    
58. [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Stopped/Manual Start]
    
59.   <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
    
60. [ati2mtag / ati2mtag][Running/Manual Start]
    
61.   <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
    
62. [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
    
63.   <\??\d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
    
64. [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
    
65.   <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
    
66. [HelloNet PPPoE 虚拟网卡 / BRPPPOE][Running/Manual Start]
    
67.   <system32\DRIVERS\brpppoe.sys><N/A>
    
68. [SoundFusion(tm) WDM Driver / cwrwdm][Stopped/Manual Start]
    
69.   <system32\DRIVERS\cwrwdm.sys><Cirrus Logic Inc.>
    
70. [dmboot / dmboot][Stopped/Disabled]
    
71.   <System32\drivers\dmboot.sys><VERITAS Software Corp.>
    
72. [Logical Disk Manager Driver / dmio][Running/Boot Start]
    
73.   <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
    
74. [dmload / dmload][Running/Boot Start]
    
75.   <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
    
76. [SoundFusion(tm) Joystick / gameenum][Stopped/Manual Start]
    
77.   <system32\DRIVERS\gameenum.sys><N/A>
    
78. [IdeBusDr / IdeBusDr][Running/Boot Start]
    
79.   <\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
    
80. [Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
    
81.   <\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
    
82. [kl1 / kl1][Running/Boot Start]
    
83.   <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
    
84. [klif / klif][Running/System Start]
    
85.   <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
    
86. [npkcrypt / npkcrypt][Running/Auto Start]
    
87.   <\??\E:\Program Files\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
    
88. [PfModNT / PfModNT][Running/Auto Start]
    
89.   <\??\C:\WINNT\system32\PfModNT.sys><Creative Technology Ltd.>
    
90. [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    
91.   <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
    
92. [Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
    
93.   <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
    
94. [Sound Blaster AudioPCI Audio Driver (WDM) / sbpci][Stopped/Manual Start]
    
95.   <system32\drivers\sbpci.sys><Creative Technology Ltd.>
    
96. [SVKP / SVKP][Running/Auto Start]
    
97.   <\??\C:\WINNT\system32\SVKP.sys><AntiCracking>
    
98. [TSP / TSP][Stopped/Manual Start]
    
99.   <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
    
100. [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
     
101.   <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
     
102. [xBlock3 / xBlock3][Stopped/Manual Start]
     
103.   <\??\C:\WINNT\system32\Drivers\xBlock3.sys><N/A>
     
104. [xProc / xProc][Stopped/System Start]
     
105.   <\??\C:\WINNT\system32\Drivers\xProc.sys><N/A>
     
106. ==================================
     
107. 浏览器加载项
     
108. [NavigatMon Class]
     
109.   {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\Program Files\360safe\safemon\safemon.dll, >
     
110. [浩方对战平台]
     
111.   {0A155D3C-68E2-4215-A47A-E800A446447A} <E:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
     
112. [Web反病毒保护]
     
113.   {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
     
114. [QQ]
     
115.   {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\Program Files\QQ\QQ.EXE, TENCENT>
     
116. [FlashGet]
     
117.   {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
     
118. [@msdxmLC.dll,-1@2052,电台(&R)]
     
119.   {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
     
120. [BitComet工具栏]
     
121.   {3F1ABCDB-A875-46c1-8345-B72A4567E486} <e:\Program Files\BitComet\BitCometBar\BitCometBar0.6.dll, >
     
122. [Edit Class]
     
123.   {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINNT\system32\CMBEdit.dll, >
     
124. [CKAVWebScan Object]
     
125.   {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavwebscan.dll, Kaspersky Lab>
     
126. [CEditCtrl Object]
     
127.   {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINNT\system32\aliedit\AliEdit.dll, www.alipay.com>
     
128. [AxInputControl Class]
     
129.   {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINNT\DOWNLO~1\INPUTC~1.DLL, >
     
130. [KSHScan Control]
     
131.   {ACFE8232-03C5-4AEC-AF5E-42B806724096} <C:\WINNT\system32\kingsoft\ONLINE~1\KSHScan.ocx, kingsoft>
     
132. [Shockwave Flash Object]
     
133.   {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
     
134. [Rising Web Scan Object]
     
135.   {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINNT\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
     
136. [上传到QQ网络硬盘]
     
137.   <E:\Program Files\QQ\AddToNetDisk.htm, N/A>
     
138. [使用网际快车下载]
     
139.   <C:\Program Files\FlashGet\jc_link.htm, N/A>
     
140. [使用网际快车下载全部链接]
     
141.   <C:\Program Files\FlashGet\jc_all.htm, N/A>
     
142. [添加到QQ自定义面板]
     
143.   <E:\Program Files\QQ\AddPanel.htm, N/A>
     
144. [添加到QQ表情]
     
145.   <E:\Program Files\QQ\AddEmotion.htm, N/A>
     
146. [用QQ彩信发送该图片]
     
147.   <E:\Program Files\QQ\SendMMS.htm, N/A>
     
148. ==================================
     
149. 正在运行的进程
     
150. [PID: 172][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
     
151. [PID: 200][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
     
152. [PID: 196][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
     
153.     [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
     
154.     [C:\WINNT\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4110]
     
155.     [C:\WINNT\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
     
156. [PID: 248][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
     
157.     [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
     
158. [PID: 260][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
     
159. [PID: 1096][C:\WINNT\HELP\SMSS.EXE]  [FREE, 1.00]
     
160.     [C:\WINNT\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
     
161.     [C:\WINNT\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8988]
     
162. [PID: 1116][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
     
163.     [C:\WINNT\AppPatch\AcLayers.DLL]  [Microsoft Corporation, 5.00.2195.6717]
     
164.     [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
     
165.     [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
     
166.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
     
167.     [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
     
168.     [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
     
169.     [d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [Anti-Malware Development a.s., 7, 5, 0, 47]
     
170.     [E:\Program Files\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
     
171.     [D:\PROGRA~1\WINZIP\WZSHLSTB.DLL]  [WinZip Computing, Inc., 4.1 (32-bit)]
     
172. [PID: 1188][C:\WINNT\system32\conime.exe]  [Microsoft Corporation, 5.00.2195.6655]
     
173. [PID: 1280][C:\WINNT\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.24]
     
174. [PID: 1264][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.5134]
     
175.     [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.5134]
     
176.     [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS]  [ATI Technologies, Inc., 6.14.10.5134]
     
177.     [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll]  [ATI Technologies, Inc., 6.14.10.5134]
     
178.     [C:\WINNT\system32\DINPUT8.dll]  [Microsoft Corporation, 5.1.2600.881 built by: Lab06_N(mmbuild)         ]
     
179. [PID: 1268][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3249]
     
180. [PID: 1320][D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe]  [Anti-Malware Development a.s., 7, 5, 0, 50]
     
181.     [D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll]  [Anti-Malware Development a.s., 4, 2, 0, 15]
     
182. [PID: 1372][C:\Program Files\HelloNet\HNMainUI.exe]  [, 2, 3, 0, 1]
     
183.     [C:\Program Files\HelloNet\HNKernel.dll]  [HelloNet, 2.2.0.1]
     
184.     [C:\Program Files\HelloNet\HNUtils.dll]  [, 2, 2, 0, 1]
     
185.     [C:\Program Files\HelloNet\HNRes_0804.dll]  [, 2, 2, 0, 1]
     
186.     [C:\Program Files\HelloNet\plugins\Diagnose.dll]  [HelloNet, 2.2.0.1]
     
187. [PID: 1480][C:\Documents and Settings\y\桌面\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
     
188.     [E:\Program Files\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
     
189.     [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
     
190.     [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
     
191.     [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
     
192.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
     
193.     [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
     
194.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
     
195.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
     
196.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
     
197.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
     
198.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
     
199.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
     
200.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
     
201.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
     
202.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
     
203.     [C:\WINNT\system32\msratelc.dll]  [Microsoft Corporation, 6.00.2800.1106]
     
204.     [C:\WINNT\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
     
205.     [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
     
206. [PID: 944][E:\新建文件夹 (2)\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
     
207.     [E:\新建文件夹 (2)\Plugins\NWMON.SRE]  [Smallfrogs Studio, 1, 0, 0, 8]
     
208. ==================================
     
209. 文件关联
     
210. .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
     
211. .EXE  OK. ["%1" %*]
     
212. .COM  OK. ["%1" %*]
     
213. .PIF  OK. ["%1" %*]
     
214. .REG  OK. [regedit.exe "%1"]
     
215. .BAT  OK. ["%1" %*]
     
216. .SCR  OK. ["%1" /S]
     
217. .CHM  OK. ["C:\WINNT\hh.exe" %1]
     
218. .HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
     
219. .INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
     
220. .INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
     
221. .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
     
222. .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
     
223. .LNK  OK. [{00021401-0000-0000-C000-000000000046}]
     
224. ==================================
     
225. Winsock 提供者
     
226. N/A
     
227. ==================================
     
228. Autorun.inf
     
229. N/A
     
230. ==================================
     
231. HOSTS 文件
     
232. 127.0.0.1       localhost
     
233. ==================================
     
234. API HOOK
     
235. RVA  错误： LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB7AF8B25)
     
236. RVA  错误： LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB7AF8D67)
     
237. RVA  错误： LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB7AF8F0B)
     
238. RVA  错误： LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB7AF8C49)
     
239. RVA  错误： GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xB7AF8E8F)
     
240. ==================================
     
241. 隐藏进程
     
242. N/A
     
243. ==================================

复制代码

系统会自动蓝屏，开机重启有时也会直接蓝屏

[ 本帖最后由 hflcat 于 2007-3-15 18:58 编辑 ]

stevenji2000

服务里的[Application Experience / AeLookupSvc][Stopped/Auto Start]
  <C:\WINNT\MediA\auto><N/A>改为禁止启动

[SVKP / SVKP][Running/Auto Start]
  <\??\C:\WINNT\system32\SVKP.sys><AntiCracking>
这个很可疑

应该还有文件藏着呢,有个办法,你找到文件看创建时间,把那天的都调出来,删(取消隐藏保护系统文件)

wangjay1980

<{B8A170A8-7AD3-4678-B2FE-F2D7381CC1B5}><C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys>  []
这个启动项删除

[Application Experience / AeLookupSvc][Stopped/Auto Start]
  <C:\WINNT\MediA\auto><N/A>
[Spectrum24 Events Monitor / IPRIP][Others/Auto Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\acss.dll><N/A>
[SNMP Trap Service / SNMP Trap Service][Stopped/Auto Start]
  <C:\WINNT\system32\spool\wumian><N/A>
这些服务删除或设置为disabled

[SVKP / SVKP][Running/Auto Start]
  <\??\C:\WINNT\system32\SVKP.sys><AntiCracking>

[xBlock3 / xBlock3][Stopped/Manual Start]
  <\??\C:\WINNT\system32\Drivers\xBlock3.sys><N/A>
[xProc / xProc][Stopped/System Start]
  <\??\C:\WINNT\system32\Drivers\xProc.sys><N/A>
这些驱动删除

C:\WINNT\HELP\SMSS.EXE
按路径删除

最后用这个清理一下

[ 本帖最后由 wangjay1980 于 2007-3-15 20:46 编辑 ]

hflcat

请问下驱动在哪删除？

还有附件无法下载

[ 本帖最后由 hflcat 于 2007-3-15 21:37 编辑 ]

wangjay1980

驱动和服务都用SRE（在启动项目---服务里）删除，删除不了就设置为disabled。 附件请登陆http://bbs.kafan.cn/index.php这个新域名

hflcat

还是没有彻底解决

卡8又发出警报
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.es 文件: C:\WINNT\gz.exe/PE_Patch/UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.es 文件: C:\WINNT\SYSTEM32\ShellExt\in.exe/PE_Patch/UPack
已删除: 木马程序 Trojan-Downloader.VBS.Small.bo 文件: C:\WINNT\SYSTEM32\ShellExt\wmi.vbs
这是新的扫描报告

1. 
   
2. 2007-03-16,21:33:35
   
3. System Repair Engineer 2.4.12.806
   
4. Smallfrogs (http://www.KZTechs.com)
   
5. Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能
   
6. 以下内容被选中：
   
7.     所有的启动项目（包括注册表、启动文件夹、服务等）
   
8.     浏览器加载项
   
9.     正在运行的进程（包括进程模块信息）
   
10.     文件关联
    
11.     Winsock 提供者
    
12.     Autorun.inf
    
13.     HOSTS 文件
    
14. 
    
15. 启动项目
    
16. 注册表
    
17. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    
18.     <ctfmon.exe><ctfmon.exe>  [N/A]
    
19. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    
20.     <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    
21.     <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    
22.     <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    
23.     <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    
24.     <StormCodec_Helper><; "D:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A]
    
25.     <kav><"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
    
26.     <!AVG Anti-Spyware><"D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized>  [Anti-Malware Development a.s.]
    
27. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    
28.     <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    
29.     <Userinit><C:\WINNT\system32\UserInit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
    
30. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    
31.     <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [Anti-Malware Development a.s.]
    
32. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    
33.     <WinlogonNotify: klogon><C:\WINNT\system32\klogon.dll>  [Kaspersky Lab]
    
34. ==================================
    
35. 启动文件夹
    
36. [ADSL拨号王]
    
37.   <C:\Documents and Settings\y\「开始」菜单\程序\启动\ADSL拨号王.lnk --> C:\PROGRA~1\HelloNet\HelloNet.exe [HelloNet]><N>
    
38. ==================================
    
39. 服务
    
40. [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
    
41.   <C:\WINNT\system32\Ati2evxx.exe><ATI Technologies Inc.>
    
42. [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Stopped/Auto Start]
    
43.   <d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
    
44. [卡巴斯基反病毒6.0 / AVP][Running/Auto Start]
    
45.   <"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
    
46. [Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
    
47.   <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
    
48. ==================================
    
49. 驱动程序
    
50. [Service for WDM 3D Audio Driver / ALCXSENS][Stopped/Manual Start]
    
51.   <system32\drivers\ALCXSENS.SYS><Sensaura>
    
52. [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Stopped/Manual Start]
    
53.   <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
    
54. [ati2mtag / ati2mtag][Running/Manual Start]
    
55.   <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
    
56. [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
    
57.   <\??\d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
    
58. [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
    
59.   <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
    
60. [HelloNet PPPoE 虚拟网卡 / BRPPPOE][Running/Manual Start]
    
61.   <system32\DRIVERS\brpppoe.sys><N/A>
    
62. [SoundFusion(tm) WDM Driver / cwrwdm][Stopped/Manual Start]
    
63.   <system32\DRIVERS\cwrwdm.sys><Cirrus Logic Inc.>
    
64. [dmboot / dmboot][Stopped/Disabled]
    
65.   <System32\drivers\dmboot.sys><VERITAS Software Corp.>
    
66. [Logical Disk Manager Driver / dmio][Running/Boot Start]
    
67.   <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
    
68. [dmload / dmload][Running/Boot Start]
    
69.   <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
    
70. [SoundFusion(tm) Joystick / gameenum][Stopped/Manual Start]
    
71.   <system32\DRIVERS\gameenum.sys><N/A>
    
72. [IdeBusDr / IdeBusDr][Running/Boot Start]
    
73.   <\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
    
74. [Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
    
75.   <\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
    
76. [kl1 / kl1][Running/Boot Start]
    
77.   <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
    
78. [klif / klif][Running/System Start]
    
79.   <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
    
80. [npkcrypt / npkcrypt][Running/Auto Start]
    
81.   <\??\E:\Program Files\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
    
82. [PfModNT / PfModNT][Running/Auto Start]
    
83.   <\??\C:\WINNT\system32\PfModNT.sys><Creative Technology Ltd.>
    
84. [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    
85.   <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
    
86. [Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
    
87.   <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
    
88. [Sound Blaster AudioPCI Audio Driver (WDM) / sbpci][Stopped/Manual Start]
    
89.   <system32\drivers\sbpci.sys><Creative Technology Ltd.>
    
90. [TSP / TSP][Stopped/Manual Start]
    
91.   <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
    
92. [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
    
93.   <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
    
94. ==================================
    
95. 浏览器加载项
    
96. N/A
    
97. ==================================
    
98. 正在运行的进程
    
99. [PID: 172][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
    
100. [PID: 200][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
     
101. [PID: 196][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
     
102.     [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
     
103.     [C:\WINNT\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4110]
     
104.     [C:\WINNT\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
     
105. [PID: 1128][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
     
106.     [C:\WINNT\AppPatch\AcLayers.DLL]  [Microsoft Corporation, 5.00.2195.6717]
     
107.     [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
     
108.     [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
     
109.     [d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [Anti-Malware Development a.s., 7, 5, 0, 47]
     
110.     [E:\Program Files\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
     
111.     [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
     
112.     [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
     
113. [PID: 1212][C:\WINNT\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.24]
     
114. [PID: 624][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.5134]
     
115.     [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.5134]
     
116.     [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS]  [ATI Technologies, Inc., 6.14.10.5134]
     
117.     [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll]  [ATI Technologies, Inc., 6.14.10.5134]
     
118.     [C:\WINNT\system32\DINPUT8.dll]  [Microsoft Corporation, 5.1.2600.881 built by: Lab06_N(mmbuild)         ]
     
119. [PID: 1244][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3249]
     
120. [PID: 1316][D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe]  [Anti-Malware Development a.s., 7, 5, 0, 50]
     
121.     [D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll]  [Anti-Malware Development a.s., 4, 2, 0, 15]
     
122. [PID: 1388][C:\Program Files\HelloNet\HNMainUI.exe]  [, 2, 3, 0, 1]
     
123.     [C:\Program Files\HelloNet\HNKernel.dll]  [HelloNet, 2.2.0.1]
     
124.     [C:\Program Files\HelloNet\HNUtils.dll]  [, 2, 2, 0, 1]
     
125.     [C:\Program Files\HelloNet\HNRes_0804.dll]  [, 2, 2, 0, 1]
     
126.     [C:\Program Files\HelloNet\plugins\Diagnose.dll]  [HelloNet, 2.2.0.1]
     
127. [PID: 1028][C:\Documents and Settings\y\桌面\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
     
128.     [E:\Program Files\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
     
129.     [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
     
130.     [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
     
131.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
     
132.     [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
     
133.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
     
134.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
     
135.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
     
136.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
     
137.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
     
138.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
     
139.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
     
140.     [C:\WINNT\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
     
141.     [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
     
142.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
     
143.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
     
144. [PID: 1524][C:\Documents and Settings\y\桌面\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
     
145.     [E:\Program Files\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
     
146.     [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
     
147.     [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
     
148.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
     
149.     [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
     
150.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
     
151.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
     
152.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
     
153.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
     
154.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
     
155.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
     
156.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
     
157.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
     
158.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
     
159.     [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
     
160.     [C:\WINNT\system32\msratelc.dll]  [Microsoft Corporation, 6.00.2800.1106]
     
161.     [C:\WINNT\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
     
162.     [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
     
163. [PID: 1768][E:\Program Files\QQ\QQ.exe]  [TENCENT, 0, 0, 0, 0]
     
164.     [E:\Program Files\QQ\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
     
165.     [E:\Program Files\QQ\QQHelperDll.dll]  [, 1, 0, 0, 1]
     
166.     [E:\Program Files\QQ\BasicCtrlDll.dll]  [Tencent, 6, 0, 200, 320]
     
167.     [E:\Program Files\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
     
168.     [E:\Program Files\QQ\MSVCP60.dll]  [Microsoft Corporation, 6.00.8168.0]
     
169.     [E:\Program Files\QQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
     
170.     [E:\Program Files\QQ\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
     
171.     [E:\Program Files\QQ\QQAPI.dll]  [, 1, 0, 0, 1]
     
172.     [E:\Program Files\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
     
173.     [E:\Program Files\QQ\LoginCtrl.dll]  [, 1, 0, 0, 1]
     
174.     [E:\Program Files\QQ\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
     
175.     [E:\Program Files\QQ\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
     
176.     [E:\Program Files\QQ\QQRes.dll]  [tencent, 1, 0, 0, 1]
     
177.     [E:\Program Files\QQ\QQMainFrame.dll]  [N/A, ]
     
178.     [E:\Program Files\QQ\CQQApplication.dll]  [N/A, ]
     
179.     [E:\Program Files\QQ\NewSkin.dll]  [, 1, 0, 0, 1]
     
180.     [E:\Program Files\QQ\HostingMgr.dll]  [, 1, 0, 0, 1]
     
181.     [E:\Program Files\QQ\CameraDll.dll]  [, 1, 0, 0, 1]
     
182.     [E:\Program Files\QQ\MailSummary.dll]  [, 1, 0, 0, 1]
     
183.     [E:\Program Files\QQ\QQKnowledgeSearch.dll]  [, 1, 0, 0, 1]
     
184.     [E:\Program Files\QQ\QQAllInOne.dll]  [N/A, ]
     
185.     [E:\Program Files\QQ\GroupLive.dll]  [N/A, ]
     
186.     [E:\Program Files\QQ\SCCore.dll]  [TENCENT, 2, 0, 0, 1]
     
187.     [E:\Program Files\QQ\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
     
188.     [E:\Program Files\QQ\QQSpace.dll]  [, 1, 0, 0, 1]
     
189.     [E:\Program Files\QQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
     
190.     [C:\WINNT\system32\msdmo.dll]  [, ]
     
191.     [E:\Program Files\QQ\QQGroupMng.dll]  [, 1, 0, 0, 1]
     
192.     [E:\Program Files\QQ\QQSysMsgMng.dll]  [N/A, ]
     
193.     [E:\Program Files\QQ\UserDefinedHead.dll]  [, 1, 0, 0, 1]
     
194.     [E:\Program Files\QQ\QQPlugin.dll]  [N/A, ]
     
195.     [E:\Program Files\QQ\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
     
196.     [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
     
197.     [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
     
198.     [E:\Program Files\QQ\QRingMng.dll]  [N/A, ]
     
199.     [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
     
200.     [E:\Program Files\QQ\QQCustomFace.dll]  [N/A, ]
     
201.     [E:\Program Files\QQ\QQPet.dll]  [, 1, 0, 0, 1]
     
202.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
     
203.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
     
204.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
     
205.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
     
206.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
     
207.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
     
208.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
     
209.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
     
210.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
     
211.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
     
212.     [E:\Program Files\QQ\LongConnection.dll]  [tencent, 5, 0, 200, 160]
     
213.     [E:\Program Files\QQ\QQAvatar.dll]  [N/A, ]
     
214.     [E:\Program Files\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
     
215.     [E:\Program Files\QQ\PhoneAPI.dll]  [, 1, 0, 0, 1]
     
216.     [E:\Program Files\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
     
217.     [E:\Program Files\QQ\ImageOle.dll]  [TODO: <Company name>, 1.0.0.1]
     
218.     [E:\Program Files\QQ\BQQApplication.dll]  [N/A, ]
     
219.     [E:\Program Files\QQ\QQSettingCtrl.dll]  [, 1, 0, 0, 1]
     
220.     [E:\Program Files\QQ\CommercesMng.dll]  [, 1, 0, 0, 1]
     
221.     [E:\Program Files\QQ\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
     
222.     [E:\Program Files\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 271]
     
223.     [E:\Program Files\QQ\QQSceneMng.dll]  [N/A, ]
     
224.     [E:\Program Files\QQ\QQPhoneHelper.dll]  [腾讯科技（深圳）有限公司, 2, 1, 5, 50]
     
225.     [E:\Program Files\QQ\GroupConnection.dll]  [Tencent, 0, 3, 3, 5]
     
226.     [C:\WINNT\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
     
227.     [E:\Program Files\QQ\QQMagicFace.dll]  [, 1, 0, 0, 1]
     
228.     [C:\WINNT\system32\winabc.ime]  [Microsoft Corporation, 5.00.2195.6601]
     
229.     [E:\Program Files\QQ\QQZip.dll]  [tencent, 0, 3, 2, 4]
     
230. [PID: 1284][E:\Program Files\QQ\TIMPlatform.exe]  [tencent, 0, 3, 1, 8]
     
231.     [E:\Program Files\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
     
232. [PID: 1060][C:\WINNT\system32\cmd.exe]  [Microsoft Corporation, 5.00.2195.6995]
     
233. [PID: 1328][C:\WINNT\system32\CMD.EXE]  [Microsoft Corporation, 5.00.2195.6995]
     
234. [PID: 1600][C:\WINNT\system32\ShellExt\smss.exe]  [FREE, 1.00]
     
235.     [C:\WINNT\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
     
236.     [C:\WINNT\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8988]
     
237. [PID: 1580][E:\新建文件夹 (2)\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
     
238.     [E:\新建文件夹 (2)\Plugins\NWMON.SRE]  [Smallfrogs Studio, 1, 0, 0, 8]
     
239. ==================================
     
240. 文件关联
     
241. .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
     
242. .EXE  OK. ["%1" %*]
     
243. .COM  OK. ["%1" %*]
     
244. .PIF  OK. ["%1" %*]
     
245. .REG  OK. [regedit.exe "%1"]
     
246. .BAT  OK. ["%1" %*]
     
247. .SCR  OK. ["%1" /S]
     
248. .CHM  OK. ["C:\WINNT\hh.exe" %1]
     
249. .HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
     
250. .INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
     
251. .INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
     
252. .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
     
253. .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
     
254. .LNK  OK. [{00021401-0000-0000-C000-000000000046}]
     
255. ==================================
     
256. Winsock 提供者
     
257. N/A
     
258. ==================================
     
259. Autorun.inf
     
260. N/A
     
261. ==================================
     
262. HOSTS 文件
     
263. 127.0.0.1       localhost
     
264. ==================================
     
265. API HOOK
     
266. RVA  错误： LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB7AF8B25)
     
267. RVA  错误： LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB7AF8D67)
     
268. RVA  错误： LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB7AF8F0B)
     
269. RVA  错误： LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB7AF8C49)
     
270. RVA  错误： GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xB7AF8E8F)
     
271. ==================================
     
272. 隐藏进程
     
273. N/A
     
274. ==================================
     

复制代码

wangjay1980

<ctfmon.exe><ctfmon.exe>  [N/A]
删除这个启动项
C:\WINNT\system32\ShellExt\smss.exe
按路径删除

给你个删除工具