求助木马程序 Trojan-Downloader.VBS.Small.bo

hflcat

1. 
   
2. 2007-03-20,21:25:38
   
3. System Repair Engineer 2.4.12.806
   
4. Smallfrogs (http://www.KZTechs.com)
   
5. Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能
   
6. 以下内容被选中：
   
7.     所有的启动项目（包括注册表、启动文件夹、服务等）
   
8.     浏览器加载项
   
9.     正在运行的进程（包括进程模块信息）
   
10.     文件关联
    
11.     Winsock 提供者
    
12.     Autorun.inf
    
13.     HOSTS 文件
    
14. 
    
15. 启动项目
    
16. 注册表
    
17. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    
18.     <internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    
19. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    
20.     <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    
21.     <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    
22.     <StormCodec_Helper><"D:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A]
    
23.     <kav><"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
    
24.     <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    
25.     <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    
26. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    
27.     <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    
28.     <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
    
29. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    
30.     <WinlogonNotify: klogon><C:\WINNT\system32\klogon.dll>  [Kaspersky Lab]
    
31. ==================================
    
32. 启动文件夹
    
33. [ADSL拨号王]
    
34.   <C:\Documents and Settings\y\「开始」菜单\程序\启动\ADSL拨号王.lnk --> C:\PROGRA~1\HelloNet\HelloNet.exe [HelloNet]><N>
    
35. ==================================
    
36. 服务
    
37. [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
    
38.   <C:\WINNT\system32\Ati2evxx.exe><ATI Technologies Inc.>
    
39. [卡巴斯基反病毒6.0 / AVP][Running/Auto Start]
    
40.   <"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
    
41. [Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
    
42.   <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
    
43. [system Security Center / system Security Center   ][Stopped/Auto Start]
    
44.   <C:\WINNT\system.com.cn.ini><N/A>
    
45. ==================================
    
46. 驱动程序
    
47. [Service for WDM 3D Audio Driver / ALCXSENS][Stopped/Manual Start]
    
48.   <system32\drivers\ALCXSENS.SYS><Sensaura>
    
49. [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Stopped/Manual Start]
    
50.   <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
    
51. [ati2mtag / ati2mtag][Running/Manual Start]
    
52.   <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
    
53. [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
    
54.   <\??\d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
    
55. [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
    
56.   <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
    
57. [HelloNet PPPoE 虚拟网卡 / BRPPPOE][Running/Manual Start]
    
58.   <system32\DRIVERS\brpppoe.sys><N/A>
    
59. [SoundFusion(tm) WDM Driver / cwrwdm][Stopped/Manual Start]
    
60.   <system32\DRIVERS\cwrwdm.sys><Cirrus Logic Inc.>
    
61. [dmboot / dmboot][Stopped/Disabled]
    
62.   <System32\drivers\dmboot.sys><VERITAS Software Corp.>
    
63. [Logical Disk Manager Driver / dmio][Stopped/Disabled]
    
64.   <System32\drivers\dmio.sys><VERITAS Software Corp.>
    
65. [dmload / dmload][Stopped/Disabled]
    
66.   <System32\drivers\dmload.sys><VERITAS Software Corp.>
    
67. [SoundFusion(tm) Joystick / gameenum][Stopped/Manual Start]
    
68.   <system32\DRIVERS\gameenum.sys><N/A>
    
69. [IdeBusDr / IdeBusDr][Running/Boot Start]
    
70.   <\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
    
71. [Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
    
72.   <\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
    
73. [kl1 / kl1][Running/Boot Start]
    
74.   <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
    
75. [klif / klif][Running/System Start]
    
76.   <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
    
77. [npkcrypt / npkcrypt][Running/Auto Start]
    
78.   <\??\E:\Program Files\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
    
79. [PfModNT / PfModNT][Running/Auto Start]
    
80.   <\??\C:\WINNT\system32\PfModNT.sys><Creative Technology Ltd.>
    
81. [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    
82.   <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
    
83. [Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
    
84.   <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
    
85. [Sound Blaster AudioPCI Audio Driver (WDM) / sbpci][Stopped/Manual Start]
    
86.   <system32\drivers\sbpci.sys><Creative Technology Ltd.>
    
87. [TSP / TSP][Stopped/Manual Start]
    
88.   <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
    
89. [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
    
90.   <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
    
91. ==================================
    
92. 浏览器加载项
    
93. [NavigatMon Class]
    
94.   {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\Program Files\360safe\safemon\safemon.dll, >
    
95. [浩方对战平台]
    
96.   {0A155D3C-68E2-4215-A47A-E800A446447A} <E:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
    
97. [Web反病毒保护]
    
98.   {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
    
99. [QQ]
    
100.   {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\Program Files\QQ\QQ.EXE, TENCENT>
     
101. [FlashGet]
     
102.   {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
     
103. [@msdxmLC.dll,-1@2052,电台(&R)]
     
104.   {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
     
105. [Edit Class]
     
106.   {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINNT\system32\CMBEdit.dll, >
     
107. [CKAVWebScan Object]
     
108.   {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavwebscan.dll, Kaspersky Lab>
     
109. [CEditCtrl Object]
     
110.   {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINNT\system32\aliedit\AliEdit.dll, www.alipay.com>
     
111. [AxInputControl Class]
     
112.   {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINNT\DOWNLO~1\INPUTC~1.DLL, >
     
113. [KSHScan Control]
     
114.   {ACFE8232-03C5-4AEC-AF5E-42B806724096} <C:\WINNT\system32\kingsoft\ONLINE~1\KSHScan.ocx, kingsoft>
     
115. [Shockwave Flash Object]
     
116.   {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
     
117. [Rising Web Scan Object]
     
118.   {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINNT\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
     
119. [上传到QQ网络硬盘]
     
120.   <E:\Program Files\QQ\AddToNetDisk.htm, N/A>
     
121. [使用网际快车下载]
     
122.   <C:\Program Files\FlashGet\jc_link.htm, N/A>
     
123. [使用网际快车下载全部链接]
     
124.   <C:\Program Files\FlashGet\jc_all.htm, N/A>
     
125. [添加到QQ自定义面板]
     
126.   <E:\Program Files\QQ\AddPanel.htm, N/A>
     
127. [添加到QQ表情]
     
128.   <E:\Program Files\QQ\AddEmotion.htm, N/A>
     
129. [用QQ彩信发送该图片]
     
130.   <E:\Program Files\QQ\SendMMS.htm, N/A>
     
131. ==================================
     
132. 正在运行的进程
     
133. [PID: 168][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
     
134. [PID: 196][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
     
135. [PID: 192][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
     
136.     [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
     
137.     [C:\WINNT\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4110]
     
138.     [C:\WINNT\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
     
139. [PID: 244][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
     
140.     [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
     
141. [PID: 256][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
     
142. [PID: 368][C:\WINNT\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4110]
     
143.     [C:\WINNT\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2495]
     
144. [PID: 456][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
     
145. [PID: 980][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
     
146.     [C:\WINNT\AppPatch\AcLayers.DLL]  [Microsoft Corporation, 5.00.2195.6717]
     
147.     [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
     
148.     [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
     
149.     [E:\Program Files\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
     
150.     [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
     
151.     [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
     
152. [PID: 1188][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.5134]
     
153.     [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.5134]
     
154.     [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS]  [ATI Technologies, Inc., 6.14.10.5134]
     
155.     [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll]  [ATI Technologies, Inc., 6.14.10.5134]
     
156.     [C:\WINNT\system32\DINPUT8.dll]  [Microsoft Corporation, 5.1.2600.881 built by: Lab06_N(mmbuild)         ]
     
157. [PID: 1212][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3249]
     
158. [PID: 1252][C:\WINNT\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.24]
     
159. [PID: 1320][C:\Program Files\HelloNet\HNMainUI.exe]  [, 2, 3, 0, 1]
     
160.     [C:\Program Files\HelloNet\HNKernel.dll]  [HelloNet, 2.2.0.1]
     
161.     [C:\Program Files\HelloNet\HNUtils.dll]  [, 2, 2, 0, 1]
     
162.     [C:\Program Files\HelloNet\HNRes_0804.dll]  [, 2, 2, 0, 1]
     
163.     [C:\Program Files\HelloNet\plugins\Diagnose.dll]  [HelloNet, 2.2.0.1]
     
164. [PID: 884][E:\SRE\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
     
165. ==================================
     
166. 文件关联
     
167. .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
     
168. .EXE  OK. ["%1" %*]
     
169. .COM  OK. ["%1" %*]
     
170. .PIF  OK. ["%1" %*]
     
171. .REG  OK. [regedit.exe "%1"]
     
172. .BAT  OK. ["%1" %*]
     
173. .SCR  OK. ["%1" /S]
     
174. .CHM  OK. ["C:\WINNT\hh.exe" %1]
     
175. .HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
     
176. .INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
     
177. .INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
     
178. .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
     
179. .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
     
180. .LNK  OK. [{00021401-0000-0000-C000-000000000046}]
     
181. ==================================
     
182. Winsock 提供者
     
183. N/A
     
184. ==================================
     
185. Autorun.inf
     
186. N/A
     
187. ==================================
     
188. HOSTS 文件
     
189. 127.0.0.1       localhost
     
190. ==================================
     
191. API HOOK
     
192. RVA  错误： LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB7B1AB25)
     
193. RVA  错误： LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB7B1AD67)
     
194. RVA  错误： LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB7B1AF0B)
     
195. RVA  错误： LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB7B1AC49)
     
196. RVA  错误： GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xB7B1AE8F)
     
197. ==================================
     
198. 隐藏进程
     
199. N/A
     
200. ==================================
     

复制代码

hflcat

[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[system Security Center / system Security Center   ][Stopped/Auto Start]
  <C:\WINNT\system.com.cn.ini>

这两个服务。。。

henren0206

我跟楼主一样的现象，都快一个月了，解决不了，快疯了！

wangjay1980

[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
这个设置为disabled
[system Security Center / system Security Center   ][Stopped/Auto Start]
  <C:\WINNT\system.com.cn.ini><N/A>
这个设置为disabled，然后删除

hflcat

原帖由 wangjay1980 于 2007-3-20 21:30 发表

  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
这个设置为disabled

  <C:\WINNT\system.com.cn.ini><N/A>
这个设置为disabled，然后删除

已经改了。。。

wangjay1980

重启后看看

hflcat

1. 
   
2. 2007-03-20,21:39:19
   
3. System Repair Engineer 2.4.12.806
   
4. Smallfrogs (http://www.KZTechs.com)
   
5. Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能
   
6. 以下内容被选中：
   
7.     所有的启动项目（包括注册表、启动文件夹、服务等）
   
8.     浏览器加载项
   
9.     正在运行的进程（包括进程模块信息）
   
10.     文件关联
    
11.     Winsock 提供者
    
12.     Autorun.inf
    
13.     HOSTS 文件
    
14. 
    
15. 启动项目
    
16. 注册表
    
17. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    
18.     <internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    
19. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    
20.     <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    
21.     <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    
22.     <StormCodec_Helper><"D:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A]
    
23.     <kav><"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
    
24.     <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    
25.     <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    
26. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    
27.     <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    
28.     <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
    
29. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    
30.     <WinlogonNotify: klogon><C:\WINNT\system32\klogon.dll>  [Kaspersky Lab]
    
31. ==================================
    
32. 启动文件夹
    
33. [ADSL拨号王]
    
34.   <C:\Documents and Settings\y\「开始」菜单\程序\启动\ADSL拨号王.lnk --> C:\PROGRA~1\HelloNet\HelloNet.exe [HelloNet]><N>
    
35. ==================================
    
36. 服务
    
37. [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
    
38.   <C:\WINNT\system32\Ati2evxx.exe><ATI Technologies Inc.>
    
39. [卡巴斯基反病毒6.0 / AVP][Running/Auto Start]
    
40.   <"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
    
41. [Logical Disk Manager Administrative Service / dmadmin][Stopped/Disabled]
    
42.   <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
    
43. ==================================
    
44. 驱动程序
    
45. [Service for WDM 3D Audio Driver / ALCXSENS][Stopped/Manual Start]
    
46.   <system32\drivers\ALCXSENS.SYS><Sensaura>
    
47. [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Stopped/Manual Start]
    
48.   <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
    
49. [ati2mtag / ati2mtag][Running/Manual Start]
    
50.   <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
    
51. [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
    
52.   <\??\d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
    
53. [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
    
54.   <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
    
55. [HelloNet PPPoE 虚拟网卡 / BRPPPOE][Running/Manual Start]
    
56.   <system32\DRIVERS\brpppoe.sys><N/A>
    
57. [SoundFusion(tm) WDM Driver / cwrwdm][Stopped/Manual Start]
    
58.   <system32\DRIVERS\cwrwdm.sys><Cirrus Logic Inc.>
    
59. [dmboot / dmboot][Stopped/Disabled]
    
60.   <System32\drivers\dmboot.sys><VERITAS Software Corp.>
    
61. [Logical Disk Manager Driver / dmio][Stopped/Disabled]
    
62.   <System32\drivers\dmio.sys><VERITAS Software Corp.>
    
63. [dmload / dmload][Stopped/Disabled]
    
64.   <System32\drivers\dmload.sys><VERITAS Software Corp.>
    
65. [SoundFusion(tm) Joystick / gameenum][Stopped/Manual Start]
    
66.   <system32\DRIVERS\gameenum.sys><N/A>
    
67. [IdeBusDr / IdeBusDr][Running/Boot Start]
    
68.   <\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
    
69. [Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
    
70.   <\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
    
71. [kl1 / kl1][Running/Boot Start]
    
72.   <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
    
73. [klif / klif][Running/System Start]
    
74.   <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
    
75. [npkcrypt / npkcrypt][Running/Auto Start]
    
76.   <\??\E:\Program Files\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
    
77. [PfModNT / PfModNT][Running/Auto Start]
    
78.   <\??\C:\WINNT\system32\PfModNT.sys><Creative Technology Ltd.>
    
79. [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    
80.   <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
    
81. [Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
    
82.   <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
    
83. [Sound Blaster AudioPCI Audio Driver (WDM) / sbpci][Stopped/Manual Start]
    
84.   <system32\drivers\sbpci.sys><Creative Technology Ltd.>
    
85. [TSP / TSP][Stopped/Manual Start]
    
86.   <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
    
87. [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
    
88.   <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
    
89. ==================================
    
90. 浏览器加载项
    
91. [NavigatMon Class]
    
92.   {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\Program Files\360safe\safemon\safemon.dll, >
    
93. [浩方对战平台]
    
94.   {0A155D3C-68E2-4215-A47A-E800A446447A} <E:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
    
95. [Web反病毒保护]
    
96.   {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
    
97. [QQ]
    
98.   {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\Program Files\QQ\QQ.EXE, TENCENT>
    
99. [FlashGet]
    
100.   {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
     
101. [@msdxmLC.dll,-1@2052,电台(&R)]
     
102.   {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
     
103. [Edit Class]
     
104.   {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINNT\system32\CMBEdit.dll, >
     
105. [CKAVWebScan Object]
     
106.   {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavwebscan.dll, Kaspersky Lab>
     
107. [CEditCtrl Object]
     
108.   {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINNT\system32\aliedit\AliEdit.dll, www.alipay.com>
     
109. [AxInputControl Class]
     
110.   {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINNT\DOWNLO~1\INPUTC~1.DLL, >
     
111. [KSHScan Control]
     
112.   {ACFE8232-03C5-4AEC-AF5E-42B806724096} <C:\WINNT\system32\kingsoft\ONLINE~1\KSHScan.ocx, kingsoft>
     
113. [Shockwave Flash Object]
     
114.   {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
     
115. [Rising Web Scan Object]
     
116.   {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINNT\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
     
117. [上传到QQ网络硬盘]
     
118.   <E:\Program Files\QQ\AddToNetDisk.htm, N/A>
     
119. [使用网际快车下载]
     
120.   <C:\Program Files\FlashGet\jc_link.htm, N/A>
     
121. [使用网际快车下载全部链接]
     
122.   <C:\Program Files\FlashGet\jc_all.htm, N/A>
     
123. [添加到QQ自定义面板]
     
124.   <E:\Program Files\QQ\AddPanel.htm, N/A>
     
125. [添加到QQ表情]
     
126.   <E:\Program Files\QQ\AddEmotion.htm, N/A>
     
127. [用QQ彩信发送该图片]
     
128.   <E:\Program Files\QQ\SendMMS.htm, N/A>
     
129. ==================================
     
130. 正在运行的进程
     
131. [PID: 168][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
     
132. [PID: 196][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
     
133. [PID: 192][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
     
134.     [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
     
135.     [C:\WINNT\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4110]
     
136.     [C:\WINNT\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
     
137. [PID: 244][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
     
138.     [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
     
139. [PID: 256][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
     
140. [PID: 364][C:\WINNT\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4110]
     
141.     [C:\WINNT\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2495]
     
142. [PID: 452][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
     
143. [PID: 480][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
     
144. [PID: 532][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
     
145.     [C:\WINNT\System32\unimdm.tsp]  [Microsoft Corporation, 5.00.2195.6601]
     
146.     [C:\WINNT\System32\kmddsp.tsp]  [Microsoft Corporation, 5.00.2150.1]
     
147.     [C:\WINNT\System32\ndptsp.tsp]  [Microsoft Corporation, 5.00.2143.1]
     
148.     [C:\WINNT\System32\ipconf.tsp]  [Microsoft Corporation, 5.00.2143.1]
     
149.     [C:\WINNT\System32\h323.tsp]  [Microsoft Corporation, 5.00.2195.6901]
     
150. [PID: 964][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
     
151.     [C:\WINNT\AppPatch\AcLayers.DLL]  [Microsoft Corporation, 5.00.2195.6717]
     
152.     [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
     
153.     [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
     
154.     [E:\Program Files\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
     
155.     [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
     
156.     [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
     
157. [PID: 1040][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.5134]
     
158.     [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.5134]
     
159.     [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS]  [ATI Technologies, Inc., 6.14.10.5134]
     
160.     [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll]  [ATI Technologies, Inc., 6.14.10.5134]
     
161.     [C:\WINNT\system32\DINPUT8.dll]  [Microsoft Corporation, 5.1.2600.881 built by: Lab06_N(mmbuild)         ]
     
162. [PID: 1044][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3249]
     
163. [PID: 1180][C:\WINNT\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.24]
     
164. [PID: 1256][C:\Program Files\HelloNet\HNMainUI.exe]  [, 2, 3, 0, 1]
     
165.     [C:\Program Files\HelloNet\HNKernel.dll]  [HelloNet, 2.2.0.1]
     
166.     [C:\Program Files\HelloNet\HNUtils.dll]  [, 2, 2, 0, 1]
     
167.     [C:\Program Files\HelloNet\HNRes_0804.dll]  [, 2, 2, 0, 1]
     
168.     [C:\Program Files\HelloNet\plugins\Diagnose.dll]  [HelloNet, 2.2.0.1]
     
169. [PID: 604][E:\SRE\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
     
170. ==================================
     
171. 文件关联
     
172. .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
     
173. .EXE  OK. ["%1" %*]
     
174. .COM  OK. ["%1" %*]
     
175. .PIF  OK. ["%1" %*]
     
176. .REG  OK. [regedit.exe "%1"]
     
177. .BAT  OK. ["%1" %*]
     
178. .SCR  OK. ["%1" /S]
     
179. .CHM  OK. ["C:\WINNT\hh.exe" %1]
     
180. .HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
     
181. .INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
     
182. .INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
     
183. .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
     
184. .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
     
185. .LNK  OK. [{00021401-0000-0000-C000-000000000046}]
     
186. ==================================
     
187. Winsock 提供者
     
188. N/A
     
189. ==================================
     
190. Autorun.inf
     
191. N/A
     
192. ==================================
     
193. HOSTS 文件
     
194. 127.0.0.1       localhost
     
195. ==================================
     
196. API HOOK
     
197. RVA  错误： LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB7B1AB25)
     
198. RVA  错误： LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB7B1AD67)
     
199. RVA  错误： LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB7B1AF0B)
     
200. RVA  错误： LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB7B1AC49)
     
201. RVA  错误： GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xB7B1AE8F)
     
202. ==================================
     
203. 隐藏进程
     
204. N/A
     
205. ==================================
     

复制代码

wangjay1980

还在？

hflcat

不报警了

wangjay1980

那个VBS再不在