求助木马程序 Trojan-Downloader.VBS.Small.bo

wangjay1980

http://www.blogcn.com/user17/pjf/blog/51000125.html

wangjay1980

是不是只有冰刃才能看见这些病毒文件，你显示所有文件和隐藏文件看看能看见这些文件吗，另外最好在安全模式下删除

hflcat

都删除了，非常感谢。

得到了很多工具，也学到了不少东西

hflcat

原帖由 wangjay1980 于 2007-3-18 00:43 发表
是不是只有冰刃才能看见这些病毒文件，你显示所有文件和隐藏文件看看能看见这些文件吗，另外最好在安全模式下删除

只有冰刃能看见，显示所有文件一直是开着的。

安全模式，等我重启先。

hflcat

现在文件夹都被删除了的，已经重启过了，

不过系统启动后多了个进程

C:\Winnt\system32\internat.exe
是不是有问题

hflcat

现在卡巴还在报C:\WINNT\gz.exe

ICESWORD里查到C:\WINNT\gz.exe  现在是个文件，删除后重启还是会出现

wangjay1980

这个病毒太牛了，难道它是把自己加载到系统的服务里，你在用SRE扫个报告，另外你选冰刃里的SSDT看看，红色的都是那些文件

hflcat

1. 
   
2. 2007-03-18,14:50:39
   
3. System Repair Engineer 2.4.12.806
   
4. Smallfrogs (http://www.KZTechs.com)
   
5. Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能
   
6. 以下内容被选中：
   
7.     所有的启动项目（包括注册表、启动文件夹、服务等）
   
8.     浏览器加载项
   
9.     正在运行的进程（包括进程模块信息）
   
10.     文件关联
    
11.     Winsock 提供者
    
12.     Autorun.inf
    
13.     HOSTS 文件
    
14. 
    
15. 启动项目
    
16. 注册表
    
17. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    
18.     <internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    
19. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    
20.     <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    
21.     <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    
22.     <StormCodec_Helper><"D:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A]
    
23.     <kav><"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
    
24.     <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    
25.     <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    
26. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    
27.     <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    
28.     <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
    
29. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    
30.     <WinlogonNotify: klogon><C:\WINNT\system32\klogon.dll>  [Kaspersky Lab]
    
31. ==================================
    
32. 启动文件夹
    
33. [ADSL拨号王]
    
34.   <C:\Documents and Settings\y\「开始」菜单\程序\启动\ADSL拨号王.lnk --> C:\PROGRA~1\HelloNet\HelloNet.exe [HelloNet]><N>
    
35. ==================================
    
36. 服务
    
37. [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
    
38.   <C:\WINNT\system32\Ati2evxx.exe><ATI Technologies Inc.>
    
39. [卡巴斯基反病毒6.0 / AVP][Running/Auto Start]
    
40.   <"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
    
41. [Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
    
42.   <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
    
43. ==================================
    
44. 驱动程序
    
45. [Service for WDM 3D Audio Driver / ALCXSENS][Stopped/Manual Start]
    
46.   <system32\drivers\ALCXSENS.SYS><Sensaura>
    
47. [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Stopped/Manual Start]
    
48.   <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
    
49. [ati2mtag / ati2mtag][Running/Manual Start]
    
50.   <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
    
51. [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
    
52.   <\??\d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
    
53. [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
    
54.   <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
    
55. [HelloNet PPPoE 虚拟网卡 / BRPPPOE][Running/Manual Start]
    
56.   <system32\DRIVERS\brpppoe.sys><N/A>
    
57. [SoundFusion(tm) WDM Driver / cwrwdm][Stopped/Manual Start]
    
58.   <system32\DRIVERS\cwrwdm.sys><Cirrus Logic Inc.>
    
59. [dmboot / dmboot][Stopped/Disabled]
    
60.   <System32\drivers\dmboot.sys><VERITAS Software Corp.>
    
61. [Logical Disk Manager Driver / dmio][Running/Boot Start]
    
62.   <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
    
63. [dmload / dmload][Running/Boot Start]
    
64.   <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
    
65. [SoundFusion(tm) Joystick / gameenum][Stopped/Manual Start]
    
66.   <system32\DRIVERS\gameenum.sys><N/A>
    
67. [IdeBusDr / IdeBusDr][Running/Boot Start]
    
68.   <\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
    
69. [Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
    
70.   <\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
    
71. [kl1 / kl1][Running/Boot Start]
    
72.   <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
    
73. [klif / klif][Running/System Start]
    
74.   <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
    
75. [npkcrypt / npkcrypt][Running/Auto Start]
    
76.   <\??\E:\Program Files\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
    
77. [PfModNT / PfModNT][Running/Auto Start]
    
78.   <\??\C:\WINNT\system32\PfModNT.sys><Creative Technology Ltd.>
    
79. [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    
80.   <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
    
81. [Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
    
82.   <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
    
83. [Sound Blaster AudioPCI Audio Driver (WDM) / sbpci][Stopped/Manual Start]
    
84.   <system32\drivers\sbpci.sys><Creative Technology Ltd.>
    
85. [TSP / TSP][Stopped/Manual Start]
    
86.   <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
    
87. [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
    
88.   <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
    
89. ==================================
    
90. 浏览器加载项
    
91. [NavigatMon Class]
    
92.   {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\Program Files\360safe\safemon\safemon.dll, >
    
93. [浩方对战平台]
    
94.   {0A155D3C-68E2-4215-A47A-E800A446447A} <E:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
    
95. [Web反病毒保护]
    
96.   {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
    
97. [QQ]
    
98.   {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\Program Files\QQ\QQ.EXE, TENCENT>
    
99. [FlashGet]
    
100.   {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
     
101. [@msdxmLC.dll,-1@2052,电台(&R)]
     
102.   {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
     
103. [Edit Class]
     
104.   {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINNT\system32\CMBEdit.dll, >
     
105. [CKAVWebScan Object]
     
106.   {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavwebscan.dll, Kaspersky Lab>
     
107. [CEditCtrl Object]
     
108.   {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINNT\system32\aliedit\AliEdit.dll, www.alipay.com>
     
109. [AxInputControl Class]
     
110.   {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINNT\DOWNLO~1\INPUTC~1.DLL, >
     
111. [KSHScan Control]
     
112.   {ACFE8232-03C5-4AEC-AF5E-42B806724096} <C:\WINNT\system32\kingsoft\ONLINE~1\KSHScan.ocx, kingsoft>
     
113. [Shockwave Flash Object]
     
114.   {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
     
115. [Rising Web Scan Object]
     
116.   {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINNT\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
     
117. [上传到QQ网络硬盘]
     
118.   <E:\Program Files\QQ\AddToNetDisk.htm, N/A>
     
119. [使用网际快车下载]
     
120.   <C:\Program Files\FlashGet\jc_link.htm, N/A>
     
121. [使用网际快车下载全部链接]
     
122.   <C:\Program Files\FlashGet\jc_all.htm, N/A>
     
123. [添加到QQ自定义面板]
     
124.   <E:\Program Files\QQ\AddPanel.htm, N/A>
     
125. [添加到QQ表情]
     
126.   <E:\Program Files\QQ\AddEmotion.htm, N/A>
     
127. [用QQ彩信发送该图片]
     
128.   <E:\Program Files\QQ\SendMMS.htm, N/A>
     
129. ==================================
     
130. 正在运行的进程
     
131. [PID: 172][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
     
132. [PID: 200][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
     
133. [PID: 196][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
     
134.     [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
     
135.     [C:\WINNT\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4110]
     
136.     [C:\WINNT\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
     
137. [PID: 248][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
     
138.     [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
     
139. [PID: 260][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
     
140. [PID: 372][C:\WINNT\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4110]
     
141.     [C:\WINNT\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2495]
     
142. [PID: 460][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
     
143. [PID: 484][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
     
144. [PID: 536][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
     
145.     [C:\WINNT\System32\unimdm.tsp]  [Microsoft Corporation, 5.00.2195.6601]
     
146.     [C:\WINNT\System32\kmddsp.tsp]  [Microsoft Corporation, 5.00.2150.1]
     
147.     [C:\WINNT\System32\ndptsp.tsp]  [Microsoft Corporation, 5.00.2143.1]
     
148.     [C:\WINNT\System32\ipconf.tsp]  [Microsoft Corporation, 5.00.2143.1]
     
149.     [C:\WINNT\System32\h323.tsp]  [Microsoft Corporation, 5.00.2195.6901]
     
150. [PID: 960][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
     
151.     [C:\WINNT\AppPatch\AcLayers.DLL]  [Microsoft Corporation, 5.00.2195.6717]
     
152.     [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
     
153.     [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
     
154.     [E:\Program Files\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
     
155.     [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
     
156.     [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
     
157. [PID: 992][C:\WINNT\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.24]
     
158. [PID: 1160][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.5134]
     
159.     [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.5134]
     
160.     [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS]  [ATI Technologies, Inc., 6.14.10.5134]
     
161.     [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll]  [ATI Technologies, Inc., 6.14.10.5134]
     
162.     [C:\WINNT\system32\DINPUT8.dll]  [Microsoft Corporation, 5.1.2600.881 built by: Lab06_N(mmbuild)         ]
     
163. [PID: 1092][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3249]
     
164. [PID: 1228][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
     
165. [PID: 1260][C:\Program Files\HelloNet\HNMainUI.exe]  [, 2, 3, 0, 1]
     
166.     [C:\Program Files\HelloNet\HNKernel.dll]  [HelloNet, 2.2.0.1]
     
167.     [C:\Program Files\HelloNet\HNUtils.dll]  [, 2, 2, 0, 1]
     
168.     [C:\Program Files\HelloNet\HNRes_0804.dll]  [, 2, 2, 0, 1]
     
169.     [C:\Program Files\HelloNet\plugins\Diagnose.dll]  [HelloNet, 2.2.0.1]
     
170. [PID: 864][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106]
     
171.     [E:\Program Files\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
     
172.     [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
     
173.     [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
     
174.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
     
175.     [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
     
176.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
     
177.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
     
178.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
     
179.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
     
180.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
     
181.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
     
182.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
     
183.     [C:\WINNT\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
     
184.     [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
     
185.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
     
186.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
     
187. [PID: 636][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106]
     
188.     [E:\Program Files\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
     
189.     [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
     
190.     [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
     
191.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
     
192.     [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
     
193.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
     
194.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
     
195.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
     
196.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
     
197.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
     
198.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
     
199.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
     
200.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
     
201.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
     
202.     [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
     
203.     [C:\WINNT\system32\msratelc.dll]  [Microsoft Corporation, 6.00.2800.1106]
     
204.     [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
     
205.     [C:\WINNT\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
     
206. [PID: 640][E:\q\SpeedSim.exe]  [SpeedSim Developers, 0, 9, 5, 1]
     
207.     [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
     
208.     [E:\q\SpeedKernel.dll]  [SpeedSim Developers, 0, 9, 5, 1]
     
209. [PID: 2148][E:\SRE\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
     
210. ==================================
     
211. 文件关联
     
212. .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
     
213. .EXE  OK. ["%1" %*]
     
214. .COM  OK. ["%1" %*]
     
215. .PIF  OK. ["%1" %*]
     
216. .REG  OK. [regedit.exe "%1"]
     
217. .BAT  OK. ["%1" %*]
     
218. .SCR  OK. ["%1" /S]
     
219. .CHM  OK. ["C:\WINNT\hh.exe" %1]
     
220. .HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
     
221. .INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
     
222. .INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
     
223. .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
     
224. .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
     
225. .LNK  OK. [{00021401-0000-0000-C000-000000000046}]
     
226. ==================================
     
227. Winsock 提供者
     
228. N/A
     
229. ==================================
     
230. Autorun.inf
     
231. N/A
     
232. ==================================
     
233. HOSTS 文件
     
234. 127.0.0.1       localhost
     
235. ==================================
     
236. API HOOK
     
237. RVA  错误： LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB7AF8B25)
     
238. RVA  错误： LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB7AF8D67)
     
239. RVA  错误： LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB7AF8F0B)
     
240. RVA  错误： LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB7AF8C49)
     
241. RVA  错误： GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xB7AF8E8F)
     
242. ==================================
     
243. 隐藏进程
     
244. N/A
     
245. ==================================
     

复制代码

hflcat

红色的是3个
C:\WINNT\System32\drivers\klif.sys

d:\program files\Grisoft\AVG Anti-spyware 7.5\guard.sys

kl1.sys

难道他把我的AVG感染了

现在卡8会报2个病毒文件， C:\WINNT\gz.exe  和  C:\WINNT\070116.vbs

但是我在安全模式下用冰刃也找不到这两个文件或者文件夹。

正常模式就会反复报警——》删除——》继续报警

[ 本帖最后由 hflcat 于 2007-3-18 14:56 编辑 ]

wangjay1980

C:\WINDOWS\070116.vbs
C:\WINDOWS\addins\wmi.bat
C:\WINDOWS\addins\main.vbs
C:\WINDOWS\addins\wmi.vbs
C:\WINDOWS\addins\svchost.exe
C:\WINDOWS\addins\Result.txt
看看你有这些文件没有