Original poster: hflcat

Help needed with the trojan Trojan-Downloader.VBS.Small.bo

hflcat
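Original poster | Posted on 2007-3-17 00:40:47
Originally posted by wangjay1980 on 2007-3-17 00:37
Now run another scan and post the report. Have you cleaned up with Windows Cleanup Assistant (Windows清理助手)? That one can be updated.


I cleaned with it and updated it too; I run a cleanup every time I boot.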
hflcat
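Original poster | Posted on 2007-3-17 00:41:38
Originally posted by wangjay1980 on 2007-3-17 00:35
Delete that IE first; I suspect something is already wrong with it.


If I delete it, I'll have no program left to launch it with.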
hflcat
Original poster | Posted on 2007-3-17 00:44:23

  1. 2007-03-17,00:47:30
  2. System Repair Engineer 2.4.12.806
  3. Smallfrogs (http://www.KZTechs.com)
  4. Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能
  5. 以下内容被选中:
  6.     所有的启动项目(包括注册表、启动文件夹、服务等)
  7.     浏览器加载项
  8.     正在运行的进程(包括进程模块信息)
  9.     文件关联
  10.     Winsock 提供者
  11.     Autorun.inf
  12.     HOSTS 文件

  13. 启动项目
  14. 注册表
  15. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  16.     <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
  17.     <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
  18.     <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
  19.     <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
  20.     <StormCodec_Helper><"D:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A]
  21.     <kav><"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
  22. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  23.     <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
  24.     <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
  25. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
  26.     <WinlogonNotify: klogon><C:\WINNT\system32\klogon.dll>  [Kaspersky Lab]
  27. ==================================
  28. 启动文件夹
  29. [ADSL拨号王]
  30.   <C:\Documents and Settings\y\「开始」菜单\程序\启动\ADSL拨号王.lnk --> C:\PROGRA~1\HelloNet\HelloNet.exe [HelloNet]><N>
  31. ==================================
  32. 服务
  33. [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  34.   <C:\WINNT\system32\Ati2evxx.exe><ATI Technologies Inc.>
  35. [卡巴斯基反病毒6.0 / AVP][Running/Auto Start]
  36.   <"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
  37. [Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  38.   <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
  39. ==================================
  40. 驱动程序
  41. [Service for WDM 3D Audio Driver / ALCXSENS][Stopped/Manual Start]
  42.   <system32\drivers\ALCXSENS.SYS><Sensaura>
  43. [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Stopped/Manual Start]
  44.   <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
  45. [ati2mtag / ati2mtag][Running/Manual Start]
  46.   <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
  47. [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  48.   <\??\d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
  49. [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  50.   <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
  51. [HelloNet PPPoE 虚拟网卡 / BRPPPOE][Running/Manual Start]
  52.   <system32\DRIVERS\brpppoe.sys><N/A>
  53. [SoundFusion(tm) WDM Driver / cwrwdm][Stopped/Manual Start]
  54.   <system32\DRIVERS\cwrwdm.sys><Cirrus Logic Inc.>
  55. [dmboot / dmboot][Stopped/Disabled]
  56.   <System32\drivers\dmboot.sys><VERITAS Software Corp.>
  57. [Logical Disk Manager Driver / dmio][Running/Boot Start]
  58.   <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
  59. [dmload / dmload][Running/Boot Start]
  60.   <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
  61. [SoundFusion(tm) Joystick / gameenum][Stopped/Manual Start]
  62.   <system32\DRIVERS\gameenum.sys><N/A>
  63. [IdeBusDr / IdeBusDr][Running/Boot Start]
  64.   <\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
  65. [Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
  66.   <\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
  67. [kl1 / kl1][Running/Boot Start]
  68.   <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
  69. [klif / klif][Running/System Start]
  70.   <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
  71. [npkcrypt / npkcrypt][Running/Auto Start]
  72.   <\??\E:\Program Files\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
  73. [PfModNT / PfModNT][Running/Auto Start]
  74.   <\??\C:\WINNT\system32\PfModNT.sys><Creative Technology Ltd.>
  75. [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  76.   <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
  77. [Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  78.   <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
  79. [Sound Blaster AudioPCI Audio Driver (WDM) / sbpci][Stopped/Manual Start]
  80.   <system32\drivers\sbpci.sys><Creative Technology Ltd.>
  81. [TSP / TSP][Stopped/Manual Start]
  82.   <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
  83. [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  84.   <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
  85. ==================================
  86. 浏览器加载项
  87. [NavigatMon Class]
  88.   {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\Program Files\360safe\safemon\safemon.dll, >
  89. [浩方对战平台]
  90.   {0A155D3C-68E2-4215-A47A-E800A446447A} <E:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
  91. [Web反病毒保护]
  92.   {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
  93. [QQ]
  94.   {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\Program Files\QQ\QQ.EXE, TENCENT>
  95. [FlashGet]
  96.   {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
  97. [@msdxmLC.dll,-1@2052,电台(&R)]
  98.   {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
  99. [Edit Class]
  100.   {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINNT\system32\CMBEdit.dll, >
  101. [CKAVWebScan Object]
  102.   {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavwebscan.dll, Kaspersky Lab>
  103. [CEditCtrl Object]
  104.   {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINNT\system32\aliedit\AliEdit.dll, www.alipay.com>
  105. [AxInputControl Class]
  106.   {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINNT\DOWNLO~1\INPUTC~1.DLL, >
  107. [KSHScan Control]
  108.   {ACFE8232-03C5-4AEC-AF5E-42B806724096} <C:\WINNT\system32\kingsoft\ONLINE~1\KSHScan.ocx, kingsoft>
  109. [Shockwave Flash Object]
  110.   {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
  111. [Rising Web Scan Object]
  112.   {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINNT\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
  113. [上传到QQ网络硬盘]
  114.   <E:\Program Files\QQ\AddToNetDisk.htm, N/A>
  115. [使用网际快车下载]
  116.   <C:\Program Files\FlashGet\jc_link.htm, N/A>
  117. [使用网际快车下载全部链接]
  118.   <C:\Program Files\FlashGet\jc_all.htm, N/A>
  119. [添加到QQ自定义面板]
  120.   <E:\Program Files\QQ\AddPanel.htm, N/A>
  121. [添加到QQ表情]
  122.   <E:\Program Files\QQ\AddEmotion.htm, N/A>
  123. [用QQ彩信发送该图片]
  124.   <E:\Program Files\QQ\SendMMS.htm, N/A>
  125. ==================================
  126. 正在运行的进程
  127. [PID: 172][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
  128. [PID: 200][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
  129. [PID: 196][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
  130.     [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
  131.     [C:\WINNT\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4110]
  132.     [C:\WINNT\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
  133. [PID: 248][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
  134.     [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
  135. [PID: 260][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
  136. [PID: 368][C:\WINNT\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4110]
  137.     [C:\WINNT\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2495]
  138. [PID: 460][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
  139. [PID: 484][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
  140. [PID: 536][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
  141.     [C:\WINNT\System32\unimdm.tsp]  [Microsoft Corporation, 5.00.2195.6601]
  142.     [C:\WINNT\System32\kmddsp.tsp]  [Microsoft Corporation, 5.00.2150.1]
  143.     [C:\WINNT\System32\ndptsp.tsp]  [Microsoft Corporation, 5.00.2143.1]
  144.     [C:\WINNT\System32\ipconf.tsp]  [Microsoft Corporation, 5.00.2143.1]
  145.     [C:\WINNT\System32\h323.tsp]  [Microsoft Corporation, 5.00.2195.6901]
  146. [PID: 952][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
  147.     [C:\WINNT\AppPatch\AcLayers.DLL]  [Microsoft Corporation, 5.00.2195.6717]
  148.     [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
  149.     [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
  150.     [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
  151.     [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
  152.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
  153.     [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
  154.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
  155.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
  156.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
  157.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
  158.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
  159.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
  160.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
  161.     [C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL]  [Microsoft Corporation, 10.145.3810.0]
  162.     [C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\pkmws.dll]  [Microsoft Corporation, 10.145.3722.0]
  163.     [C:\Program Files\Common Files\Microsoft Shared\Web Folders\2052\nsextint.dll]  [Microsoft Corporation, 10.145.3722.0]
  164.     [E:\Program Files\QQ\qdshm.dll]  [, 1, 0, 101, 20]
  165.     [E:\Program Files\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
  166.     [D:\PROGRA~1\WINZIP\WZSHLSTB.DLL]  [WinZip Computing, Inc., 4.1 (32-bit)]
  167.     [D:\Program Files\WinRAR\rarext.dll]  [N/A, ]
  168.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
  169.     [d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll]  [Anti-Malware Development a.s., 7, 5, 0, 49]
  170.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
  171.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
  172.     [E:\Program Files\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
  173. [PID: 1192][C:\WINNT\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.24]
  174. [PID: 1208][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.5134]
  175.     [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.5134]
  176.     [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS]  [ATI Technologies, Inc., 6.14.10.5134]
  177.     [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll]  [ATI Technologies, Inc., 6.14.10.5134]
  178.     [C:\WINNT\system32\DINPUT8.dll]  [Microsoft Corporation, 5.1.2600.881 built by: Lab06_N(mmbuild)         ]
  179. [PID: 1216][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3249]
  180. [PID: 1304][C:\Program Files\HelloNet\HNMainUI.exe]  [, 2, 3, 0, 1]
  181.     [C:\Program Files\HelloNet\HNKernel.dll]  [HelloNet, 2.2.0.1]
  182.     [C:\Program Files\HelloNet\HNUtils.dll]  [, 2, 2, 0, 1]
  183.     [C:\Program Files\HelloNet\HNRes_0804.dll]  [, 2, 2, 0, 1]
  184.     [C:\Program Files\HelloNet\plugins\Diagnose.dll]  [HelloNet, 2.2.0.1]
  185. [PID: 1028][C:\Documents and Settings\y\桌面\iexplore.exe]  [N/A, ]
  186.     [E:\Program Files\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
  187.     [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
  188.     [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
  189.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
  190.     [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
  191.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
  192.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
  193.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
  194.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
  195.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
  196.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
  197.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
  198.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
  199.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
  200.     [C:\WINNT\system32\winabc.ime]  [Microsoft Corporation, 5.00.2195.6601]
  201.     [C:\WINNT\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
  202.     [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
  203.     [C:\WINNT\system32\msratelc.dll]  [Microsoft Corporation, 6.00.2800.1106]
  204. [PID: 1460][C:\Documents and Settings\y\桌面\iexplore.exe]  [N/A, ]
  205.     [E:\Program Files\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
  206.     [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
  207.     [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
  208.     [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
  209.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
  210.     [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
  211.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
  212.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
  213.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
  214.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
  215.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
  216.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
  217.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
  218.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
  219.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
  220.     [C:\WINNT\system32\winabc.ime]  [Microsoft Corporation, 5.00.2195.6601]
  221.     [C:\WINNT\system32\msratelc.dll]  [Microsoft Corporation, 6.00.2800.1106]
  222. [PID: 1756][E:\q\SpeedSim.exe]  [SpeedSim Developers, 0, 9, 5, 1]
  223.     [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
  224.     [E:\q\SpeedKernel.dll]  [SpeedSim Developers, 0, 9, 5, 1]
  225. [PID: 2048][E:\SRE\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
  226. ==================================
  227. 文件关联
  228. .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  229. .EXE  OK. ["%1" %*]
  230. .COM  OK. ["%1" %*]
  231. .PIF  OK. ["%1" %*]
  232. .REG  OK. [regedit.exe "%1"]
  233. .BAT  OK. ["%1" %*]
  234. .SCR  OK. ["%1" /S]
  235. .CHM  OK. ["C:\WINNT\hh.exe" %1]
  236. .HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
  237. .INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  238. .INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  239. .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  240. .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  241. .LNK  OK. [{00021401-0000-0000-C000-000000000046}]
  242. ==================================
  243. Winsock 提供者
  244. N/A
  245. ==================================
  246. Autorun.inf
  247. N/A
  248. ==================================
  249. HOSTS 文件
  250. 127.0.0.1       localhost
  251. ==================================
  252. API HOOK
  253. RVA  错误: LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB7AF8B25)
  254. RVA  错误: LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB7AF8D67)
  255. RVA  错误: LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB7AF8F0B)
  256. RVA  错误: LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB7AF8C49)
  257. RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xB7AF8E8F)
  258. ==================================
  259. 隐藏进程
  260. N/A
  261. ==================================
wangjay1980
Posted on 2007-3-17 00:47:41
Check whether you have this file: C:\program files\Internet Explorer\Connection Wizard\icwx25b.dun
hflcat
Original poster | Posted on 2007-3-17 00:50:48
Originally posted by wangjay1980 on 2007-3-17 00:47
Check whether you have this file: C:\program files\Internet Explorer\Connection Wizard\icwx25b.dun


C:\program files\Internet Explorer\Connection Wizard\icwx25a.dun

C:\program files\Internet Explorer\Connection Wizard\icwx25b.dun

C:\program files\Internet Explorer\Connection Wizard\icwx25c.dun

A, B and C are all there. Is that very serious?
wangjay1980
Posted on 2007-3-17 00:54:02
hflcat
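Original poster | Posted on 2007-3-17 00:56:00
Originally posted by wangjay1980 on 2007-3-17 00:54
You'd better install IceSword (冰刃): http://www.blogcn.com/user17/pjf/blog/51000125.html


I do have IceSword 1.18 installed.

I keep seeing the moderators recommend it, and it's in the pinned thread too, so I installed it long ago.

I also noticed a problem: when I click directly on the link the moderator gave, IE shows a blank page and doesn't respond.

I got in by copying it into a new IE window and pressing Enter.

The earlier download page was the same: clicking it directly also gave a blank page, so I had to use Save As.

[ Last edited by hflcat on 2007-3-17 01:01 ]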
wangjay1980
Posted on 2007-3-17 01:00:50
Then open it.
wangjay1980
Posted on 2007-3-17 01:01:51
See whether there are any suspicious processes.
hflcat
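Original poster | Posted on 2007-3-17 01:02:13
Originally posted by wangjay1980 on 2007-3-17 01:00
Then open it.


It's open; you should be able to see it at the bottom of the screenshot I posted earlier...

I just think that EXPLORER.EXE looks pretty suspicious...

[ Last edited by hflcat on 2007-3-17 01:05 ]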
a2222222222222.jpg

Copyright © KaFan  KaFan.cn All Rights Reserved.
