Original poster: hflcat

Help with a Trojan: Trojan-Downloader.VBS.Small.bo

hflcat
OP | Posted 2007-3-20 21:22:25

  2007-03-20,21:25:38
  System Repair Engineer 2.4.12.806
  Smallfrogs (http://www.KZTechs.com)
  Windows 2000 Professional Service Pack 4 (Build 2195) - Administrator user - Full functionality
  The following items were selected:
      All startup items (including registry, startup folder, services, etc.)
      Browser add-ons
      Running processes (including process module information)
      File associations
      Winsock providers
      Autorun.inf
      HOSTS file

  Startup items
  Registry
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      <internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
      <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
      <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
      <StormCodec_Helper><"D:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A]
      <kav><"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
      <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
      <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
      <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
      <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
      <WinlogonNotify: klogon><C:\WINNT\system32\klogon.dll>  [Kaspersky Lab]
  ==================================
  Startup folder
  [ADSL拨号王]
    <C:\Documents and Settings\y\「开始」菜单\程序\启动\ADSL拨号王.lnk --> C:\PROGRA~1\HelloNet\HelloNet.exe [HelloNet]><N>
  ==================================
  Services
  [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
    <C:\WINNT\system32\Ati2evxx.exe><ATI Technologies Inc.>
  [卡巴斯基反病毒6.0 / AVP][Running/Auto Start]
    <"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
  [Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
    <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
  [system Security Center / system Security Center   ][Stopped/Auto Start]
    <C:\WINNT\system.com.cn.ini><N/A>
  ==================================
  Drivers
  [Service for WDM 3D Audio Driver / ALCXSENS][Stopped/Manual Start]
    <system32\drivers\ALCXSENS.SYS><Sensaura>
  [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Stopped/Manual Start]
    <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
  [ati2mtag / ati2mtag][Running/Manual Start]
    <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
  [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
    <\??\d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
  [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
    <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
  [HelloNet PPPoE 虚拟网卡 / BRPPPOE][Running/Manual Start]
    <system32\DRIVERS\brpppoe.sys><N/A>
  [SoundFusion(tm) WDM Driver / cwrwdm][Stopped/Manual Start]
    <system32\DRIVERS\cwrwdm.sys><Cirrus Logic Inc.>
  [dmboot / dmboot][Stopped/Disabled]
    <System32\drivers\dmboot.sys><VERITAS Software Corp.>
  [Logical Disk Manager Driver / dmio][Stopped/Disabled]
    <System32\drivers\dmio.sys><VERITAS Software Corp.>
  [dmload / dmload][Stopped/Disabled]
    <System32\drivers\dmload.sys><VERITAS Software Corp.>
  [SoundFusion(tm) Joystick / gameenum][Stopped/Manual Start]
    <system32\DRIVERS\gameenum.sys><N/A>
  [IdeBusDr / IdeBusDr][Running/Boot Start]
    <\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
  [Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
    <\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
  [kl1 / kl1][Running/Boot Start]
    <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
  [klif / klif][Running/System Start]
    <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
  [npkcrypt / npkcrypt][Running/Auto Start]
    <\??\E:\Program Files\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
  [PfModNT / PfModNT][Running/Auto Start]
    <\??\C:\WINNT\system32\PfModNT.sys><Creative Technology Ltd.>
  [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
  [Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
    <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
  [Sound Blaster AudioPCI Audio Driver (WDM) / sbpci][Stopped/Manual Start]
    <system32\drivers\sbpci.sys><Creative Technology Ltd.>
  [TSP / TSP][Stopped/Manual Start]
    <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
  [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
    <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
  ==================================
  Browser add-ons
  [NavigatMon Class]
    {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\Program Files\360safe\safemon\safemon.dll, >
  [浩方对战平台]
    {0A155D3C-68E2-4215-A47A-E800A446447A} <E:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
  [Web反病毒保护]
    {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
  [QQ]
    {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\Program Files\QQ\QQ.EXE, TENCENT>
  [FlashGet]
    {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
  [@msdxmLC.dll,-1@2052,电台(&R)]
    {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
  [Edit Class]
    {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINNT\system32\CMBEdit.dll, >
  [CKAVWebScan Object]
    {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavwebscan.dll, Kaspersky Lab>
  [CEditCtrl Object]
    {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINNT\system32\aliedit\AliEdit.dll, www.alipay.com>
  [AxInputControl Class]
    {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINNT\DOWNLO~1\INPUTC~1.DLL, >
  [KSHScan Control]
    {ACFE8232-03C5-4AEC-AF5E-42B806724096} <C:\WINNT\system32\kingsoft\ONLINE~1\KSHScan.ocx, kingsoft>
  [Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
  [Rising Web Scan Object]
    {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINNT\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
  [上传到QQ网络硬盘]
    <E:\Program Files\QQ\AddToNetDisk.htm, N/A>
  [使用网际快车下载]
    <C:\Program Files\FlashGet\jc_link.htm, N/A>
  [使用网际快车下载全部链接]
    <C:\Program Files\FlashGet\jc_all.htm, N/A>
  [添加到QQ自定义面板]
    <E:\Program Files\QQ\AddPanel.htm, N/A>
  [添加到QQ表情]
    <E:\Program Files\QQ\AddEmotion.htm, N/A>
  [用QQ彩信发送该图片]
    <E:\Program Files\QQ\SendMMS.htm, N/A>
  ==================================
  Running processes
  [PID: 168][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
  [PID: 196][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
  [PID: 192][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
      [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
      [C:\WINNT\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4110]
      [C:\WINNT\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
  [PID: 244][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
      [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
  [PID: 256][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
  [PID: 368][C:\WINNT\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4110]
      [C:\WINNT\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2495]
  [PID: 456][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
  [PID: 980][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
      [C:\WINNT\AppPatch\AcLayers.DLL]  [Microsoft Corporation, 5.00.2195.6717]
      [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
      [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
      [E:\Program Files\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
      [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
      [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
  [PID: 1188][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.5134]
      [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.5134]
      [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS]  [ATI Technologies, Inc., 6.14.10.5134]
      [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll]  [ATI Technologies, Inc., 6.14.10.5134]
      [C:\WINNT\system32\DINPUT8.dll]  [Microsoft Corporation, 5.1.2600.881 built by: Lab06_N(mmbuild)]
  [PID: 1212][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3249]
  [PID: 1252][C:\WINNT\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.24]
  [PID: 1320][C:\Program Files\HelloNet\HNMainUI.exe]  [, 2, 3, 0, 1]
      [C:\Program Files\HelloNet\HNKernel.dll]  [HelloNet, 2.2.0.1]
      [C:\Program Files\HelloNet\HNUtils.dll]  [, 2, 2, 0, 1]
      [C:\Program Files\HelloNet\HNRes_0804.dll]  [, 2, 2, 0, 1]
      [C:\Program Files\HelloNet\plugins\Diagnose.dll]  [HelloNet, 2.2.0.1]
  [PID: 884][E:\SRE\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
  ==================================
  File associations
  .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  .EXE  OK. ["%1" %*]
  .COM  OK. ["%1" %*]
  .PIF  OK. ["%1" %*]
  .REG  OK. [regedit.exe "%1"]
  .BAT  OK. ["%1" %*]
  .SCR  OK. ["%1" /S]
  .CHM  OK. ["C:\WINNT\hh.exe" %1]
  .HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
  .INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  .INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  .LNK  OK. [{00021401-0000-0000-C000-000000000046}]
  ==================================
  Winsock providers
  N/A
  ==================================
  Autorun.inf
  N/A
  ==================================
  HOSTS file
  127.0.0.1       localhost
  ==================================
  API HOOK
  RVA error: LoadLibraryA (Risk level: Normal, hooked by the following module: Dest Addr: 0xB7B1AB25)
  RVA error: LoadLibraryExA (Risk level: Normal, hooked by the following module: Dest Addr: 0xB7B1AD67)
  RVA error: LoadLibraryExW (Risk level: Normal, hooked by the following module: Dest Addr: 0xB7B1AF0B)
  RVA error: LoadLibraryW (Risk level: Normal, hooked by the following module: Dest Addr: 0xB7B1AC49)
  RVA error: GetProcAddress (Risk level: High, hooked by the following module: Dest Addr: 0xB7B1AE8F)
  ==================================
  Hidden processes
  N/A
  ==================================
hflcat
OP | Posted 2007-3-20 21:23:41
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[system Security Center / system Security Center   ][Stopped/Auto Start]
  <C:\WINNT\system.com.cn.ini>

These two services...
henren0206
Posted 2007-3-20 21:24:52
I have the same symptom as the OP; it's been almost a month and I can't get rid of it, it's driving me crazy!
wangjay1980
Posted 2007-3-20 21:30:59
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
Set this one to Disabled.
[system Security Center / system Security Center   ][Stopped/Auto Start]
  <C:\WINNT\system.com.cn.ini><N/A>
Set this one to Disabled, then delete it.
hflcat
OP | Posted 2007-3-20 21:31:22
Originally posted by wangjay1980 on 2007-3-20 21:30:

  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
Set this one to Disabled.

  <C:\WINNT\system.com.cn.ini><N/A>
Set this one to Disabled, then delete it.


Already changed them...
wangjay1980
Posted 2007-3-20 21:31:22
Reboot and check again.
hflcat
OP | Posted 2007-3-20 21:35:54

  2007-03-20,21:39:19
  System Repair Engineer 2.4.12.806
  Smallfrogs (http://www.KZTechs.com)
  Windows 2000 Professional Service Pack 4 (Build 2195) - Administrator user - Full functionality
  The following items were selected:
      All startup items (including registry, startup folder, services, etc.)
      Browser add-ons
      Running processes (including process module information)
      File associations
      Winsock providers
      Autorun.inf
      HOSTS file

  Startup items
  Registry
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      <internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
      <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
      <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
      <StormCodec_Helper><"D:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A]
      <kav><"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
      <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
      <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
      <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
      <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
      <WinlogonNotify: klogon><C:\WINNT\system32\klogon.dll>  [Kaspersky Lab]
  ==================================
  Startup folder
  [ADSL拨号王]
    <C:\Documents and Settings\y\「开始」菜单\程序\启动\ADSL拨号王.lnk --> C:\PROGRA~1\HelloNet\HelloNet.exe [HelloNet]><N>
  ==================================
  Services
  [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
    <C:\WINNT\system32\Ati2evxx.exe><ATI Technologies Inc.>
  [卡巴斯基反病毒6.0 / AVP][Running/Auto Start]
    <"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
  [Logical Disk Manager Administrative Service / dmadmin][Stopped/Disabled]
    <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
  ==================================
  Drivers
  [Service for WDM 3D Audio Driver / ALCXSENS][Stopped/Manual Start]
    <system32\drivers\ALCXSENS.SYS><Sensaura>
  [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Stopped/Manual Start]
    <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
  [ati2mtag / ati2mtag][Running/Manual Start]
    <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
  [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
    <\??\d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
  [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
    <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
  [HelloNet PPPoE 虚拟网卡 / BRPPPOE][Running/Manual Start]
    <system32\DRIVERS\brpppoe.sys><N/A>
  [SoundFusion(tm) WDM Driver / cwrwdm][Stopped/Manual Start]
    <system32\DRIVERS\cwrwdm.sys><Cirrus Logic Inc.>
  [dmboot / dmboot][Stopped/Disabled]
    <System32\drivers\dmboot.sys><VERITAS Software Corp.>
  [Logical Disk Manager Driver / dmio][Stopped/Disabled]
    <System32\drivers\dmio.sys><VERITAS Software Corp.>
  [dmload / dmload][Stopped/Disabled]
    <System32\drivers\dmload.sys><VERITAS Software Corp.>
  [SoundFusion(tm) Joystick / gameenum][Stopped/Manual Start]
    <system32\DRIVERS\gameenum.sys><N/A>
  [IdeBusDr / IdeBusDr][Running/Boot Start]
    <\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
  [Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
    <\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
  [kl1 / kl1][Running/Boot Start]
    <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
  [klif / klif][Running/System Start]
    <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
  [npkcrypt / npkcrypt][Running/Auto Start]
    <\??\E:\Program Files\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
  [PfModNT / PfModNT][Running/Auto Start]
    <\??\C:\WINNT\system32\PfModNT.sys><Creative Technology Ltd.>
  [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
  [Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
    <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
  [Sound Blaster AudioPCI Audio Driver (WDM) / sbpci][Stopped/Manual Start]
    <system32\drivers\sbpci.sys><Creative Technology Ltd.>
  [TSP / TSP][Stopped/Manual Start]
    <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
  [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
    <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
  ==================================
  Browser add-ons
  [NavigatMon Class]
    {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\Program Files\360safe\safemon\safemon.dll, >
  [浩方对战平台]
    {0A155D3C-68E2-4215-A47A-E800A446447A} <E:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
  [Web反病毒保护]
    {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
  [QQ]
    {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\Program Files\QQ\QQ.EXE, TENCENT>
  [FlashGet]
    {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
  [@msdxmLC.dll,-1@2052,电台(&R)]
    {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
  [Edit Class]
    {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINNT\system32\CMBEdit.dll, >
  [CKAVWebScan Object]
    {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavwebscan.dll, Kaspersky Lab>
  [CEditCtrl Object]
    {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINNT\system32\aliedit\AliEdit.dll, www.alipay.com>
  [AxInputControl Class]
    {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINNT\DOWNLO~1\INPUTC~1.DLL, >
  [KSHScan Control]
    {ACFE8232-03C5-4AEC-AF5E-42B806724096} <C:\WINNT\system32\kingsoft\ONLINE~1\KSHScan.ocx, kingsoft>
  [Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
  [Rising Web Scan Object]
    {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINNT\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
  [上传到QQ网络硬盘]
    <E:\Program Files\QQ\AddToNetDisk.htm, N/A>
  [使用网际快车下载]
    <C:\Program Files\FlashGet\jc_link.htm, N/A>
  [使用网际快车下载全部链接]
    <C:\Program Files\FlashGet\jc_all.htm, N/A>
  [添加到QQ自定义面板]
    <E:\Program Files\QQ\AddPanel.htm, N/A>
  [添加到QQ表情]
    <E:\Program Files\QQ\AddEmotion.htm, N/A>
  [用QQ彩信发送该图片]
    <E:\Program Files\QQ\SendMMS.htm, N/A>
  ==================================
  Running processes
  [PID: 168][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
  [PID: 196][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
  [PID: 192][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
      [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
      [C:\WINNT\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4110]
      [C:\WINNT\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
  [PID: 244][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
      [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
  [PID: 256][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
  [PID: 364][C:\WINNT\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4110]
      [C:\WINNT\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2495]
  [PID: 452][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
  [PID: 480][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
  [PID: 532][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
      [C:\WINNT\System32\unimdm.tsp]  [Microsoft Corporation, 5.00.2195.6601]
      [C:\WINNT\System32\kmddsp.tsp]  [Microsoft Corporation, 5.00.2150.1]
      [C:\WINNT\System32\ndptsp.tsp]  [Microsoft Corporation, 5.00.2143.1]
      [C:\WINNT\System32\ipconf.tsp]  [Microsoft Corporation, 5.00.2143.1]
      [C:\WINNT\System32\h323.tsp]  [Microsoft Corporation, 5.00.2195.6901]
  [PID: 964][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
      [C:\WINNT\AppPatch\AcLayers.DLL]  [Microsoft Corporation, 5.00.2195.6717]
      [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
      [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
      [E:\Program Files\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
      [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
      [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
  [PID: 1040][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.5134]
      [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.5134]
      [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS]  [ATI Technologies, Inc., 6.14.10.5134]
      [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll]  [ATI Technologies, Inc., 6.14.10.5134]
      [C:\WINNT\system32\DINPUT8.dll]  [Microsoft Corporation, 5.1.2600.881 built by: Lab06_N(mmbuild)]
  [PID: 1044][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3249]
  [PID: 1180][C:\WINNT\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.24]
  [PID: 1256][C:\Program Files\HelloNet\HNMainUI.exe]  [, 2, 3, 0, 1]
      [C:\Program Files\HelloNet\HNKernel.dll]  [HelloNet, 2.2.0.1]
      [C:\Program Files\HelloNet\HNUtils.dll]  [, 2, 2, 0, 1]
      [C:\Program Files\HelloNet\HNRes_0804.dll]  [, 2, 2, 0, 1]
      [C:\Program Files\HelloNet\plugins\Diagnose.dll]  [HelloNet, 2.2.0.1]
  [PID: 604][E:\SRE\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
  ==================================
  File associations
  .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  .EXE  OK. ["%1" %*]
  .COM  OK. ["%1" %*]
  .PIF  OK. ["%1" %*]
  .REG  OK. [regedit.exe "%1"]
  .BAT  OK. ["%1" %*]
  .SCR  OK. ["%1" /S]
  .CHM  OK. ["C:\WINNT\hh.exe" %1]
  .HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
  .INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  .INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  .LNK  OK. [{00021401-0000-0000-C000-000000000046}]
  ==================================
  Winsock providers
  N/A
  ==================================
  Autorun.inf
  N/A
  ==================================
  HOSTS file
  127.0.0.1       localhost
  ==================================
  API HOOK
  RVA error: LoadLibraryA (Risk level: Normal, hooked by the following module: Dest Addr: 0xB7B1AB25)
  RVA error: LoadLibraryExA (Risk level: Normal, hooked by the following module: Dest Addr: 0xB7B1AD67)
  RVA error: LoadLibraryExW (Risk level: Normal, hooked by the following module: Dest Addr: 0xB7B1AF0B)
  RVA error: LoadLibraryW (Risk level: Normal, hooked by the following module: Dest Addr: 0xB7B1AC49)
  RVA error: GetProcAddress (Risk level: High, hooked by the following module: Dest Addr: 0xB7B1AE8F)
  ==================================
  Hidden processes
  N/A
  ==================================
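Added example, not code from the thread, from SREng or from KaFan: a small parser for the Services section of the two SREng logs posted above. It flags the `system Security Center` entry from the first log on the grounds a responder would use (the image path ends in .ini rather than .exe, the entry carries no vendor information, the service name is padded with trailing spaces, and it is set to auto-start), then diffs the first log against the rerun after the reboot to confirm the entry is gone. The sample log text embedded below is constructed from the entries quoted in the thread; the section title `Services` is this page's translation of SREng's `服务` label, and the check list is my own heuristic, not anything SREng itself reports.

```python
"""
Added example: parse the Services section of two System Repair Engineer (SREng)
logs, flag entries that look wrong, and diff the runs. Not code from the thread,
from SREng or from KaFan; the sample logs are constructed from the entries the
thread quotes, and the checks are my own heuristics, not SREng's.
"""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass

# SREng prints the section title on its own line; "服务" is the original label,
# "Services" the translation used on this page.
SECTION_TITLES = ("Services", "服务")
# [Display name / Service name][State/Start type]
HEADER = re.compile(r"^\[(?P<display>.*?) / (?P<name>.*?)\]\[(?P<state>[^/\]]+)/(?P<start>[^\]]+)\]$")
# <command line><vendor>
IMAGE = re.compile(r"^<(?P<command>.*)><(?P<vendor>[^<>]*)>$")
SERVICE_EXTENSIONS = {".exe"}  # a Win32 service image is an .exe; .sys drivers are listed separately


@dataclass
class Service:
    display: str
    name: str      # kept raw so padding such as "system Security Center   " stays visible
    state: str
    start: str
    command: str
    vendor: str

    @property
    def binary(self) -> str:
        """Path of the image without its arguments (handles quoted and unquoted forms)."""
        cmd = self.command.strip()
        if cmd.startswith('"'):
            return cmd[1 : cmd.index('"', 1)]
        return re.match(r"(.*?)(?:\s+[/-]\S*)*$", cmd).group(1)


def parse_services(log: str) -> list[Service]:
    """Return the entries between the Services title and the next ===== separator."""
    services: list[Service] = []
    in_section, pending = False, None
    for raw in log.splitlines():
        line = raw.strip()
        if line in SECTION_TITLES:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("====="):
            break
        if pending is None:
            m = HEADER.match(line)
            pending = m.groupdict() if m else None
        else:
            m = IMAGE.match(line)
            if m:
                services.append(Service(**pending, **m.groupdict()))
            pending = None
    return services


def suspicious(services: list[Service]) -> dict[str, list[str]]:
    """Service name -> reasons it deserves a look. Auto-start alone is not a reason
    (AVP is auto-start too); it is only reported once another check fired."""
    findings: dict[str, list[str]] = {}
    for svc in services:
        reasons = []
        ext = ntpath.splitext(svc.binary)[1].lower()
        if ext not in SERVICE_EXTENSIONS:
            reasons.append(f"image is not an executable ({ext or 'no extension'})")
        if svc.vendor.strip() in ("", "N/A"):
            reasons.append("no vendor/version information")
        if svc.name != svc.name.strip() or svc.display != svc.display.strip():
            reasons.append("name padded with whitespace")
        if reasons and "Auto" in svc.start:
            reasons.append("auto-start persistence")
        if reasons:
            findings[svc.name.strip()] = reasons
    return findings


def diff_services(before: str, after: str) -> tuple[set[str], set[str]]:
    """(removed, added) service names between two SREng runs."""
    old = {s.name.strip() for s in parse_services(before)}
    new = {s.name.strip() for s in parse_services(after)}
    return old - new, new - old


# Constructed samples: the Services entries (plus one driver, to show the section
# boundary) from the run before the fix and from the rerun after the reboot.
BEFORE = r"""
Services
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINNT\system32\Ati2evxx.exe><ATI Technologies Inc.>
[卡巴斯基反病毒6.0 / AVP][Running/Auto Start]
  <"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[system Security Center / system Security Center   ][Stopped/Auto Start]
  <C:\WINNT\system.com.cn.ini><N/A>
==================================
Drivers
[HelloNet PPPoE 虚拟网卡 / BRPPPOE][Running/Manual Start]
  <system32\DRIVERS\brpppoe.sys><N/A>
==================================
"""
AFTER = BEFORE.replace(
    "[system Security Center / system Security Center   ][Stopped/Auto Start]\n"
    "  <C:\\WINNT\\system.com.cn.ini><N/A>\n", ""
).replace("dmadmin][Stopped/Manual Start]", "dmadmin][Stopped/Disabled]")

if __name__ == "__main__":
    for name, reasons in suspicious(parse_services(BEFORE)).items():
        print(f"{name}: " + "; ".join(reasons))
    removed, added = diff_services(BEFORE, AFTER)
    print(f"removed after reboot: {sorted(removed)}  added: {sorted(added)}")
```

The parser stops at the first `=====` after the Services title, so the `BRPPPOE` driver, which also has vendor `N/A`, is not judged by the service checks; drivers need their own rules. The script deliberately says nothing about the API HOOK lines in the logs: SREng prints only the destination addresses there, not the module that installed the hooks, so there is nothing in the page to decide them on.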
wangjay1980
Posted 2007-3-20 22:17:32
Still there?
hflcat
OP | Posted 2007-3-20 22:18:33
No more alerts.
wangjay1980
Posted 2007-3-20 22:26:39
Is that VBS still there or not?
KaFan forum (卡饭论坛) | Copyright © KaFan KaFan.cn All Rights Reserved.