求助木马程序 Trojan-Downloader.VBS.Small.bo

wangjay1980

看见你的IE没有，两个都是不正常的，在ICEWORD的文件选项里选设置--然后选上禁止进线程创建，然后结束IE的进程，然后按照路径删除
IEXPLORE.EXE.TMP

wangjay1980

这里有个参考，你可以看看，http://bbs.crsky.com/read.php?tid=912030

wangjay1980

下面是我的手工清除方法：
开启ICESWORD,禁止进程创建，接着结束所有的icwx25b.dun进程，然后把C:\program files\Internet Explorer\iexplore.exe.tmp删掉，再把C:\program files\Internet Explorer\Connection Wizard\icwx25b.dun删掉！
（其实他们就是一个东西，把他们改名成exe，可以发现是pe文件，加了PECompact 2.x -> Jeremy Collake的壳，脱了壳，居然是VB写的，反编一下，就能看到很多信息了网站就是v4.3yyy.cn，服务器 IP ： 210.51.170.76，地址： 北京市 网通亦庄IDC中心，还有old.3yyy.cn!）

接下来，重启，进安全模式，删掉C:\Documents and Settings\用户名\Local Settings\Temporary Internet Files\所有文件和文件夹！

最后点开始－》运行－》regedit
找到
HKEY_USERS\S-1-5-21-1547161642-854245398-682003330-500\Software\Microsoft\Internet Explorer\S-1-5-21-1547161642-854245398-682003330-500（这串数字视自己的电脑而定，不一定是我这个。）
然后把HKEY_USERS\S-1-5-21-1547161642-854245398-682003330-500\Software\Microsoft\Internet Explorer\Toolbar这个键全部删除掉！
然后在注册表里面搜索iedetect.dll，找到的键全部删掉！
再去c:\windows\system32，找到iedetect.dll和mshtmlbe.dt，删掉！！
重启电脑，清除掉之前的流氓软件，总算干净了！

注意：全操作过程之中不能有在“我的电脑”上点右键来打开“资源管理器”的操作！

wangjay1980

祝你好运，睡了 ，不行就明天看吧

hflcat

原帖由 wangjay1980 于 2007-3-17 01:15 发表
这里有个参考，你可以看看，http://bbs.crsky.com/read.php?tid=912030

谢谢，正在参考。

很晚了，打扰了

hflcat

原帖由 wangjay1980 于 2007-3-17 01:19 发表
下面是我的手工清除方法：
开启ICESWORD,禁止进程创建，接着结束所有的icwx25b.dun进程，然后把C:\program files\Internet Explorer\iexplore.exe.tmp删掉，再把C:\program files\Internet Explorer\Connectio ...

前面都照做了，但是下面这两步没有找到文件和键值

然后在注册表里面搜索iedetect.dll，找到的键全部删掉！
再去c:\windows\system32，找到iedetect.dll和mshtmlbe.dt，删掉！！

现在开机扫描卡巴还是报这个木马警告

感染: 木马程序 Trojan-PSW.Win32.OnLineGames.es C:\WINNT\gz.exe 627.2 KB

2007-3-17 10:40:52 文件 C:\WINNT\gz.exe/PE_Patch/UPack: 检测到 木马程序 Trojan-PSW.Win32.OnLineGames.es

2007-3-17 10:42:48 文件 C:\WINNT\gz.exe/PE_Patch/UPack 无法删除

hflcat

1. 2007-03-17,11:10:25
   
2. System Repair Engineer 2.4.12.806
   
3. Smallfrogs (http://www.KZTechs.com)
   
4. Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能
   
5. 以下内容被选中：
   
6.     所有的启动项目（包括注册表、启动文件夹、服务等）
   
7.     浏览器加载项
   
8.     正在运行的进程（包括进程模块信息）
   
9.     文件关联
   
10.     Winsock 提供者
    
11.     Autorun.inf
    
12.     HOSTS 文件
    
13. 
    
14. 启动项目
    
15. 注册表
    
16. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    
17.     <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    
18.     <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    
19.     <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    
20.     <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    
21.     <StormCodec_Helper><"D:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A]
    
22.     <kav><"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
    
23. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    
24.     <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    
25.     <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
    
26. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    
27.     <WinlogonNotify: klogon><C:\WINNT\system32\klogon.dll>  [Kaspersky Lab]
    
28. ==================================
    
29. 启动文件夹
    
30. [ADSL拨号王]
    
31.   <C:\Documents and Settings\y\「开始」菜单\程序\启动\ADSL拨号王.lnk --> C:\PROGRA~1\HelloNet\HelloNet.exe [HelloNet]><N>
    
32. ==================================
    
33. 服务
    
34. [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
    
35.   <C:\WINNT\system32\Ati2evxx.exe><ATI Technologies Inc.>
    
36. [卡巴斯基反病毒6.0 / AVP][Running/Auto Start]
    
37.   <"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
    
38. [Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
    
39.   <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
    
40. ==================================
    
41. 驱动程序
    
42. [Service for WDM 3D Audio Driver / ALCXSENS][Stopped/Manual Start]
    
43.   <system32\drivers\ALCXSENS.SYS><Sensaura>
    
44. [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Stopped/Manual Start]
    
45.   <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
    
46. [ati2mtag / ati2mtag][Running/Manual Start]
    
47.   <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
    
48. [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
    
49.   <\??\d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
    
50. [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
    
51.   <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
    
52. [HelloNet PPPoE 虚拟网卡 / BRPPPOE][Running/Manual Start]
    
53.   <system32\DRIVERS\brpppoe.sys><N/A>
    
54. [SoundFusion(tm) WDM Driver / cwrwdm][Stopped/Manual Start]
    
55.   <system32\DRIVERS\cwrwdm.sys><Cirrus Logic Inc.>
    
56. [dmboot / dmboot][Stopped/Disabled]
    
57.   <System32\drivers\dmboot.sys><VERITAS Software Corp.>
    
58. [Logical Disk Manager Driver / dmio][Running/Boot Start]
    
59.   <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
    
60. [dmload / dmload][Running/Boot Start]
    
61.   <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
    
62. [SoundFusion(tm) Joystick / gameenum][Stopped/Manual Start]
    
63.   <system32\DRIVERS\gameenum.sys><N/A>
    
64. [IdeBusDr / IdeBusDr][Running/Boot Start]
    
65.   <\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
    
66. [Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
    
67.   <\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
    
68. [kl1 / kl1][Running/Boot Start]
    
69.   <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
    
70. [klif / klif][Running/System Start]
    
71.   <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
    
72. [npkcrypt / npkcrypt][Running/Auto Start]
    
73.   <\??\E:\Program Files\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
    
74. [PfModNT / PfModNT][Running/Auto Start]
    
75.   <\??\C:\WINNT\system32\PfModNT.sys><Creative Technology Ltd.>
    
76. [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    
77.   <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
    
78. [Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
    
79.   <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
    
80. [Sound Blaster AudioPCI Audio Driver (WDM) / sbpci][Stopped/Manual Start]
    
81.   <system32\drivers\sbpci.sys><Creative Technology Ltd.>
    
82. [TSP / TSP][Stopped/Manual Start]
    
83.   <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
    
84. [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
    
85.   <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
    
86. ==================================
    
87. 浏览器加载项
    
88. [NavigatMon Class]
    
89.   {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\Program Files\360safe\safemon\safemon.dll, >
    
90. [浩方对战平台]
    
91.   {0A155D3C-68E2-4215-A47A-E800A446447A} <E:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
    
92. [Web反病毒保护]
    
93.   {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
    
94. [QQ]
    
95.   {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\Program Files\QQ\QQ.EXE, TENCENT>
    
96. [FlashGet]
    
97.   {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
    
98. [@msdxmLC.dll,-1@2052,电台(&R)]
    
99.   {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
    
100. [Edit Class]
     
101.   {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINNT\system32\CMBEdit.dll, >
     
102. [CKAVWebScan Object]
     
103.   {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavwebscan.dll, Kaspersky Lab>
     
104. [CEditCtrl Object]
     
105.   {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINNT\system32\aliedit\AliEdit.dll, www.alipay.com>
     
106. [AxInputControl Class]
     
107.   {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINNT\DOWNLO~1\INPUTC~1.DLL, >
     
108. [KSHScan Control]
     
109.   {ACFE8232-03C5-4AEC-AF5E-42B806724096} <C:\WINNT\system32\kingsoft\ONLINE~1\KSHScan.ocx, kingsoft>
     
110. [Shockwave Flash Object]
     
111.   {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
     
112. [Rising Web Scan Object]
     
113.   {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINNT\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
     
114. [上传到QQ网络硬盘]
     
115.   <E:\Program Files\QQ\AddToNetDisk.htm, N/A>
     
116. [使用网际快车下载]
     
117.   <C:\Program Files\FlashGet\jc_link.htm, N/A>
     
118. [使用网际快车下载全部链接]
     
119.   <C:\Program Files\FlashGet\jc_all.htm, N/A>
     
120. [添加到QQ自定义面板]
     
121.   <E:\Program Files\QQ\AddPanel.htm, N/A>
     
122. [添加到QQ表情]
     
123.   <E:\Program Files\QQ\AddEmotion.htm, N/A>
     
124. [用QQ彩信发送该图片]
     
125.   <E:\Program Files\QQ\SendMMS.htm, N/A>
     
126. ==================================
     
127. 正在运行的进程
     
128. [PID: 172][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
     
129. [PID: 200][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
     
130. [PID: 196][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
     
131.     [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
     
132.     [C:\WINNT\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4110]
     
133.     [C:\WINNT\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
     
134. [PID: 248][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
     
135.     [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
     
136. [PID: 260][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
     
137. [PID: 372][C:\WINNT\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4110]
     
138.     [C:\WINNT\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2495]
     
139. [PID: 460][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
     
140. [PID: 484][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
     
141. [PID: 536][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
     
142.     [C:\WINNT\System32\unimdm.tsp]  [Microsoft Corporation, 5.00.2195.6601]
     
143.     [C:\WINNT\System32\kmddsp.tsp]  [Microsoft Corporation, 5.00.2150.1]
     
144.     [C:\WINNT\System32\ndptsp.tsp]  [Microsoft Corporation, 5.00.2143.1]
     
145.     [C:\WINNT\System32\ipconf.tsp]  [Microsoft Corporation, 5.00.2143.1]
     
146.     [C:\WINNT\System32\h323.tsp]  [Microsoft Corporation, 5.00.2195.6901]
     
147. [PID: 956][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
     
148.     [C:\WINNT\AppPatch\AcLayers.DLL]  [Microsoft Corporation, 5.00.2195.6717]
     
149.     [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
     
150.     [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
     
151.     [E:\Program Files\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
     
152.     [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
     
153.     [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
     
154.     [E:\Program Files\QQ\qdshm.dll]  [, 1, 0, 101, 20]
     
155.     [E:\Program Files\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
     
156.     [D:\PROGRA~1\WINZIP\WZSHLSTB.DLL]  [WinZip Computing, Inc., 4.1 (32-bit)]
     
157.     [C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL]  [Microsoft Corporation, 10.145.3810.0]
     
158.     [C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\pkmws.dll]  [Microsoft Corporation, 10.145.3722.0]
     
159.     [C:\Program Files\Common Files\Microsoft Shared\Web Folders\2052\nsextint.dll]  [Microsoft Corporation, 10.145.3722.0]
     
160.     [D:\Program Files\WinRAR\rarext.dll]  [N/A, ]
     
161.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
     
162.     [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
     
163.     [d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll]  [Anti-Malware Development a.s., 7, 5, 0, 49]
     
164. [PID: 1180][C:\WINNT\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.24]
     
165. [PID: 1200][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.5134]
     
166.     [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.5134]
     
167.     [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS]  [ATI Technologies, Inc., 6.14.10.5134]
     
168.     [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll]  [ATI Technologies, Inc., 6.14.10.5134]
     
169.     [C:\WINNT\system32\DINPUT8.dll]  [Microsoft Corporation, 5.1.2600.881 built by: Lab06_N(mmbuild)         ]
     
170. [PID: 1228][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3249]
     
171. [PID: 1124][C:\Program Files\HelloNet\HNMainUI.exe]  [, 2, 3, 0, 1]
     
172.     [C:\Program Files\HelloNet\HNKernel.dll]  [HelloNet, 2.2.0.1]
     
173.     [C:\Program Files\HelloNet\HNUtils.dll]  [, 2, 2, 0, 1]
     
174.     [C:\Program Files\HelloNet\HNRes_0804.dll]  [, 2, 2, 0, 1]
     
175.     [C:\Program Files\HelloNet\plugins\Diagnose.dll]  [HelloNet, 2.2.0.1]
     
176. [PID: 1204][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106]
     
177.     [E:\Program Files\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
     
178.     [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
     
179.     [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
     
180.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
     
181.     [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
     
182.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
     
183.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
     
184.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
     
185.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
     
186.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
     
187.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
     
188.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
     
189.     [C:\WINNT\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
     
190.     [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
     
191.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
     
192.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
     
193. [PID: 676][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106]
     
194.     [E:\Program Files\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
     
195.     [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
     
196.     [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
     
197.     [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
     
198.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
     
199.     [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
     
200.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
     
201.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
     
202.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
     
203.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
     
204.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
     
205.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
     
206.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
     
207.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
     
208.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
     
209.     [C:\WINNT\system32\winabc.ime]  [Microsoft Corporation, 5.00.2195.6601]
     
210. [PID: 1440][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106]
     
211.     [E:\Program Files\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
     
212.     [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
     
213.     [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
     
214.     [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
     
215. [PID: 1564][E:\SRE\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
     
216. ==================================
     
217. 文件关联
     
218. .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
     
219. .EXE  OK. ["%1" %*]
     
220. .COM  OK. ["%1" %*]
     
221. .PIF  OK. ["%1" %*]
     
222. .REG  OK. [regedit.exe "%1"]
     
223. .BAT  OK. ["%1" %*]
     
224. .SCR  OK. ["%1" /S]
     
225. .CHM  OK. ["C:\WINNT\hh.exe" %1]
     
226. .HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
     
227. .INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
     
228. .INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
     
229. .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
     
230. .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
     
231. .LNK  OK. [{00021401-0000-0000-C000-000000000046}]
     
232. ==================================
     
233. Winsock 提供者
     
234. N/A
     
235. ==================================
     
236. Autorun.inf
     
237. N/A
     
238. ==================================
     
239. HOSTS 文件
     
240. 127.0.0.1       localhost
     
241. ==================================
     
242. API HOOK
     
243. RVA  错误： LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB7AF8B25)
     
244. RVA  错误： LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB7AF8D67)
     
245. RVA  错误： LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB7AF8F0B)
     
246. RVA  错误： LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB7AF8C49)
     
247. RVA  错误： GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xB7AF8E8F)
     
248. ==================================
     
249. 隐藏进程
     
250. N/A
     
251. ==================================

复制代码

现在IE直接点击地址栏都打不开了，在新窗口打开都是显示空白页了

IE二级链接无法打开故障搜索到解决方法了。

现在就剩木马病毒问题了

[ 本帖最后由 hflcat 于 2007-3-17 13:02 编辑 ]

wangjay1980

报告上什么也看不出来，你用冰刃也查不到gz.exe 吗

hflcat

原帖由 wangjay1980 于 2007-3-17 23:33 发表
报告上什么也看不出来，你用冰刃也查不到gz.exe 吗

冰刃里可以看到C:\WINT\gz.exe这个是文件夹

里面是空的,现在卡巴扫了2次也不报警了。

也不知道是解决了没

wangjay1980

那就用冰刃删除那个文件夹