
Please help, everyone! (Kaspersky can't remove it!)

fingerling
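Posted on 2007-5-23 02:22:11
Could everyone please help me figure out what to do about this?!
Last Saturday night I was downloading something from a Xunlei blog and it seems I picked up a trojan. I scanned with the AVG 7.5 online scanner; after it finished cleaning, a rescan still showed detections, and a few of them keep coming back after being removed (Figure 1). Also, Kaspersky can't detect anything at all.
With IceSword 1.2 I see what is shown in Figure 2, and there are many more red entries like these.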

  1. 2007-06-24,02:15:47
  2. System Repair Engineer 2.4.12.806
  3. Smallfrogs (http://www.KZTechs.com)
  4. Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
  5. 以下内容被选中:
  6.     所有的启动项目(包括注册表、启动文件夹、服务等)
  7.     浏览器加载项
  8.     正在运行的进程(包括进程模块信息)
  9.     文件关联
  10.     Winsock 提供者
  11.     Autorun.inf
  12.     HOSTS 文件

  13. 启动项目
  14. 注册表
  15. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  16.     <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
  17. [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  18.     <load><>  [N/A]
  19.     <run><>  [N/A]
  20. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  21.     <Windows木马防火墙><E:\软件\安全防护\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\Trojanwall.exe>  [风云谷]
  22.     <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe">  [(Verified)Kaspersky Lab]
  23.     <!AVG Anti-Spyware><"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized>  [Anti-Malware Development a.s.]
  24.     <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
  25. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  26.     <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
  27.     <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
  28. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  29.     <AppInit_DLLs><>  [N/A]
  30. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  31.     <UIHost><C:\WINDOWS\Resources\Themes\Login\logonui-3.1.exe>  [N/A]
  32. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
  33.     <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [Anti-Malware Development a.s.]
  34. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
  35.     <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
  36. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
  37.     <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [(Verified)Kaspersky Lab]
  38. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
  39.     <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
  40. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  41.     <!AVG Anti-Spyware><; "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized>  [Anti-Malware Development a.s.]
  42.     <5QIM><; d:\Program Files\5Q\校园通\5QIM.exe>  [xiaonei.com]
  43.     <FlashGet><; "C:\Program Files\FlashGet\FlashGet.exe" /min>  [N/A]
  44.     <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
  45.     <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
  46.     <nwiz><; nwiz.exe /install>  []
  47.     <SoundMan><; SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
  48.     <Super Rabbit SRRestore><; C:\PROGRA~1\SUPERR~1\MagicSet\SRRest.exe /autosave>  [N/A]
  49. ==================================
  50. 启动文件夹
  51. N/A
  52. ==================================
  53. 服务
  54. [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  55.   <C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
  56. [卡巴斯基反病毒 7.0 / AVP][Running/Auto Start]
  57.   <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r><Kaspersky Lab>
  58. [Human Interface Device Access / HidServ][Stopped/Disabled]
  59.   <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
  60. [NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  61.   <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
  62. ==================================
  63. 驱动程序
  64. [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  65.   <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
  66. [AMD Processor Driver / AmdK8][Running/System Start]
  67.   <system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
  68. [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  69.   <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
  70. [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  71.   <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
  72. [GMSIPCI / GMSIPCI][Stopped/Manual Start]
  73.   <\??\H:\INSTALL\GMSIPCI.SYS><N/A>
  74. [kl1 / kl1][Running/Boot Start]
  75.   <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
  76. [klif / klif][Running/System Start]
  77.   <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
  78. [nv / nv][Running/Manual Start]
  79.   <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
  80. [nvata / nvata][Running/Boot Start]
  81.   <\SystemRoot\system32\DRIVERS\nvata.sys><NVIDIA Corporation>
  82. [NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  83.   <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
  84. [NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
  85.   <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
  86. [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  87.   <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
  88. [Secdrv / Secdrv][Stopped/Manual Start]
  89.   <system32\DRIVERS\secdrv.sys><N/A>
  90. [PCANDIS5 NDIS Protocol Driver / PCANDIS5][Running/Manual Start]
  91.   <\??\C:\WINDOWS\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
  92. ==================================
  93. 浏览器加载项
  94. [SrchHook Class]
  95.   {F08555B0-9CC3-11D2-AA8E-000000000000} <C:\WINDOWS\system32\IEBHO.dll, >
  96. [Web反病毒 统计]
  97.   {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll, Kaspersky Lab>
  98. [番茄花园]
  99.   {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
  100. [番茄工具条3.1.5]
  101.   {6451F285-9E41-4D8C-813D-794CA7BFEAB4} <C:\WINDOWS\system32\IETool.dll, N/A>
  102. [ewidoOnlineScan Control]
  103.   {193C772A-87BE-4B19-A7BB-445B226FE9A1} <C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL, Anti-Malware Development a.s.>
  104. [ewidoOnlineScan Control]
  105.   {193C772A-87BE-4B19-A7BB-445B226FE9A1} <C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL, Anti-Malware Development a.s.>
  106. [FGCatchUrl]
  107.   {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, N/A>
  108. [CImWebObj Object]
  109.   {5C56F4A7-71FC-4FFD-A9D7-18FB87A9DFC6} <d:\Program Files\5Q\校园通\5QImWeb2009.dll, 5Q校内网>
  110. [番茄工具条3.1.5]
  111.   {6451F285-9E41-4D8C-813D-794CA7BFEAB4} <C:\WINDOWS\system32\IETool.dll, N/A>
  112. [Microsoft Shell UI Helper]
  113.   {64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
  114. [AUDIO__MID Moniker Class]
  115.   {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
  116. [AUDIO__MP3 Moniker Class]
  117.   {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
  118. [AUDIO__X_MS_WMA Moniker Class]
  119.   {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
  120. [Shockwave Flash Object]
  121.   {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
  122. [SrchHook Class]
  123.   {F08555B0-9CC3-11D2-AA8E-000000000000} <C:\WINDOWS\system32\IEBHO.dll, >
  124. [FlashGet GetFlash Class]
  125.   {F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, N/A>
  126. [XML HTTP]
  127.   {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
  128. [FGCatchUrl]
  129.   {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <C:\Program Files\FlashGet\jccatch.dll, N/A>
  130. [添加到QQ表情]
  131.   <d:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
  132. ==================================
  133. 正在运行的进程
  134. [PID: 652][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  135. [PID: 728][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  136.     [E:\软件\安全防护\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\ProcessHook.dll]  [Fygsoft and Microsoft, 1.0.0.33]
  137. [PID: 760][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  138.     [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 7.0.0.60]
  139.     [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  140.     [E:\软件\安全防护\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\ProcessHook.dll]  [Fygsoft and Microsoft, 1.0.0.33]
  141. [PID: 1672][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
  142.     [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
  143.     [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
  144.     [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
  145.     [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
  146.     [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  147.     [E:\软件\安全防护\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\ProcessHook.dll]  [Fygsoft and Microsoft, 1.0.0.33]
  148.     [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
  149.     [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
  150.     [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
  151.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll]  [Kaspersky Lab, 7.0.0.60]
  152.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
  153.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
  154.     [E:\软件\安全防护\WINDOW~1.8上\ftcsetup\Commenu.dll]  [Fygsoft and Microsoft, 3.0.0.63]
  155.     [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.9136]
  156.     [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.9136]
  157.     [C:\WINDOWS\system32\nvshell.dll]  [, ]
  158.     [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll]  [Anti-Malware Development a.s., 7, 5, 0, 49]
  159.     [C:\WINDOWS\system32\wpdshext.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
  160.     [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
  161.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prremote.dll]  [Kaspersky Lab, 7.0.0.60]
  162.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prloader.dll]  [Kaspersky Lab, 7.0.0.60]
  163.     [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [Anti-Malware Development a.s., 7, 5, 0, 47]
  164. [PID: 1816][E:\软件\安全防护\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\Trojanwall.exe]  [风云谷, 4.7.0.1405]
  165.     [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
  166.     [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
  167.     [E:\软件\安全防护\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\ftcapi.dll]  [fygsoft, 1.0.0.0]
  168.     [E:\软件\安全防护\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\ProcessHook.dll]  [Fygsoft and Microsoft, 1.0.0.33]
  169.     [E:\软件\安全防护\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\PSAPI.dll]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
  170.     [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  171. [PID: 1832][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe]  [Anti-Malware Development a.s., 7, 5, 0, 50]
  172.     [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll]  [Anti-Malware Development a.s., 4, 2, 0, 15]
  173.     [E:\软件\安全防护\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\ProcessHook.dll]  [Fygsoft and Microsoft, 1.0.0.33]
  174. [PID: 1920][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  175.     [E:\软件\安全防护\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\ProcessHook.dll]  [Fygsoft and Microsoft, 1.0.0.33]
  176. [PID: 2236][C:\Program Files\锐捷网络\Ruijie Supplicant\8021x.exe]  [锐捷网络, 3, 2, 0, 0]
  177.     [C:\WINDOWS\system32\W32N50.dll]  [Printing Communications Assoc., Inc. (PCAUSA), 5.03.16.54]
  178.     [E:\软件\安全防护\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\ProcessHook.dll]  [Fygsoft and Microsoft, 1.0.0.33]
  179.     [C:\PROGRA~1\锐捷网络\RUIJIE~1\EXRGPA~1.OCX]  [锐捷网络, 1, 0, 0, 1]
  180.     [C:\PROGRA~1\锐捷网络\RUIJIE~1\HIDetect.dll]  [锐捷网络, 1, 0, 0, 1]
  181.     [C:\PROGRA~1\锐捷网络\RUIJIE~1\Vx_API.dll]  [锐捷网络, 1, 0, 0, 1]
  182.     [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
  183. [PID: 2728][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  184.     [E:\软件\安全防护\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\ProcessHook.dll]  [Fygsoft and Microsoft, 1.0.0.33]
  185. [PID: 3964][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
  186.     [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
  187.     [E:\软件\安全防护\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\ProcessHook.dll]  [Fygsoft and Microsoft, 1.0.0.33]
  188.     [C:\WINDOWS\system32\IEFRAME.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
  189.     [C:\WINDOWS\system32\IEUI.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
  190.     [C:\WINDOWS\system32\xmllite.dll]  [Microsoft Corporation, 1.00.1018.0]
  191.     [C:\Program Files\Internet Explorer\ieproxy.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
  192.     [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
  193.     [C:\WINDOWS\system32\IETool.dll]  [N/A, ]
  194.     [C:\WINDOWS\system32\IEBHO.dll]  [, 1, 0, 0, 1]
  195.     [C:\WINDOWS\system32\ieapfltr.dll]  [Microsoft Corporation, 7.0.6000.16461]
  196.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll]  [Kaspersky Lab, 7.0.0.60]
  197.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\klscav.dll]  [Kaspersky Lab, 7.0.0.60]
  198.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
  199.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prremote.dll]  [Kaspersky Lab, 7.0.0.60]
  200.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
  201.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prloader.dll]  [Kaspersky Lab, 7.0.0.60]
  202.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prkernel.ppl]  [Kaspersky Lab, 7.0.0.60]
  203.     [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\params.ppl]  [Kaspersky Lab, 7.0.0.60]
  204.     [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\pxstub.ppl]  [Kaspersky Lab, 7.0.0.60]
  205.     [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\tempfile.ppl]  [Kaspersky Lab, 7.0.0.60]
  206.     [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\nfio.ppl]  [Kaspersky Lab, 7.0.0.60]
  207.     [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\fsdrvplg.ppl]  [Kaspersky Lab, 7.0.0.60]
  208.     [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\basegui.ppl]  [Kaspersky Lab, 7.0.0.60]
  209.     [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\thpimpl.ppl]  [Kaspersky Lab, 7.0.0.60]
  210.     [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\FSSync.dll]  [Kaspersky Lab, 7.0.5.60]
  211.     [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\winreg.ppl]  [Kaspersky Lab, 7.0.0.60]
  212.     [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  213.     [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
  214.     [C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL]  [Anti-Malware Development a.s., 1.0.0.4]
  215.     [C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Z1QCLGLC\engine[1].dll]  [Anti-Malware Development a.s., 4, 2, 0, 15]
  216. [PID: 3056][G:\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
  217.     [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
  218.     [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
  219.     [E:\软件\安全防护\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\ProcessHook.dll]  [Fygsoft and Microsoft, 1.0.0.33]
  220. ==================================
  221. 文件关联
  222. .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  223. .EXE  OK. ["%1" %*]
  224. .COM  OK. ["%1" %*]
  225. .PIF  OK. ["%1" %*]
  226. .REG  OK. [regedit.exe "%1"]
  227. .BAT  OK. ["%1" %*]
  228. .SCR  OK. ["%1" /S]
  229. .CHM  Error. ["hh.exe" %1]
  230. .HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
  231. .INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
  232. .INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  233. .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  234. .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  235. .LNK  OK. [{00021401-0000-0000-C000-000000000046}]
  236. ==================================
  237. Winsock 提供者
  238. N/A
  239. ==================================
  240. Autorun.inf
  241. N/A
  242. ==================================
  243. HOSTS 文件
  244. 127.0.0.1       localhost
  245. ==================================
  246. API HOOK
  247. 入口点错误:FreeLibrary (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0x5F00002D)
  248. ==================================
  249. 隐藏进程
  250. N/A
  251. ==================================

[ This post was last edited by fingerling on 2007-5-23 06:33 ]
木马.jpg
IceSword120.jpg
fingerling
Original poster | Posted on 2007-5-23 02:23:08
The date should be 5.23.
fingerling
Original poster | Posted on 2007-5-23 02:25:25
I'm a beginner, so when you help, please give me some concrete steps. Thanks in advance.
wangjay1980
Posted on 2007-5-23 09:30:54
入口点错误:FreeLibrary (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0x5F00002D)
Use your SRE to repair this entry point error, then run the scan again and post a new report.
fingerling
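Original poster | Posted on 2007-5-24 14:47:35

Reply to post #4 by wangjay1980

Thanks. I have already repartitioned the disk and scanned with both Kaspersky and AVG 7.5. AVG removed two trojans and nothing else turned up. Thanks again, moderator.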