请大家帮忙看看这个到底该怎么办啊?!
上周六晚上在迅雷博客上下东西,好象是中木马了,用AVG7.5在线杀毒,杀完了,重杀的时候,上面还有,有几个一直杀完又有了(图1),还有,卡巴根本就杀不出来,
用IceSword1.2看见图2所示,还有很多这样的红色的东西.
- 2007-06-24,02:15:47
- System Repair Engineer 2.4.12.806
- Smallfrogs (http://www.KZTechs.com)
- Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
- 以下内容被选中:
- 所有的启动项目(包括注册表、启动文件夹、服务等)
- 浏览器加载项
- 正在运行的进程(包括进程模块信息)
- 文件关联
- Winsock 提供者
- Autorun.inf
- HOSTS 文件
- 启动项目
- 注册表
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
- <load><> [N/A]
- <run><> [N/A]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- <Windows木马防火墙><E:\软件\安全防护\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\Trojanwall.exe> [风云谷]
- <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"> [(Verified)Kaspersky Lab]
- <!AVG Anti-Spyware><"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [Anti-Malware Development a.s.]
- <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
- <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
- <AppInit_DLLs><> [N/A]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <UIHost><C:\WINDOWS\Resources\Themes\Login\logonui-3.1.exe> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
- <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll> [Anti-Malware Development a.s.]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
- <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [(Verified)Kaspersky Lab]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
- <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- <!AVG Anti-Spyware><; "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [Anti-Malware Development a.s.]
- <5QIM><; d:\Program Files\5Q\校园通\5QIM.exe> [xiaonei.com]
- <FlashGet><; "C:\Program Files\FlashGet\FlashGet.exe" /min> [N/A]
- <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
- <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
- <nwiz><; nwiz.exe /install> []
- <SoundMan><; SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
- <Super Rabbit SRRestore><; C:\PROGRA~1\SUPERR~1\MagicSet\SRRest.exe /autosave> [N/A]
- ==================================
- 启动文件夹
- N/A
- ==================================
- 服务
- [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
- <C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
- [卡巴斯基反病毒 7.0 / AVP][Running/Auto Start]
- <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r><Kaspersky Lab>
- [Human Interface Device Access / HidServ][Stopped/Disabled]
- <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
- [NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
- <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
- ==================================
- 驱动程序
- [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
- <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
- [AMD Processor Driver / AmdK8][Running/System Start]
- <system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
- [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
- <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
- [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
- <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
- [GMSIPCI / GMSIPCI][Stopped/Manual Start]
- <\??\H:\INSTALL\GMSIPCI.SYS><N/A>
- [kl1 / kl1][Running/Boot Start]
- <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
- [klif / klif][Running/System Start]
- <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
- [nv / nv][Running/Manual Start]
- <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
- [nvata / nvata][Running/Boot Start]
- <\SystemRoot\system32\DRIVERS\nvata.sys><NVIDIA Corporation>
- [NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
- <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
- [NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
- <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
- [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
- <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
- [Secdrv / Secdrv][Stopped/Manual Start]
- <system32\DRIVERS\secdrv.sys><N/A>
- [PCANDIS5 NDIS Protocol Driver / PCANDIS5][Running/Manual Start]
- <\??\C:\WINDOWS\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
- ==================================
- 浏览器加载项
- [SrchHook Class]
- {F08555B0-9CC3-11D2-AA8E-000000000000} <C:\WINDOWS\system32\IEBHO.dll, >
- [Web反病毒 统计]
- {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll, Kaspersky Lab>
- [番茄花园]
- {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
- [番茄工具条3.1.5]
- {6451F285-9E41-4D8C-813D-794CA7BFEAB4} <C:\WINDOWS\system32\IETool.dll, N/A>
- [ewidoOnlineScan Control]
- {193C772A-87BE-4B19-A7BB-445B226FE9A1} <C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL, Anti-Malware Development a.s.>
- [ewidoOnlineScan Control]
- {193C772A-87BE-4B19-A7BB-445B226FE9A1} <C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL, Anti-Malware Development a.s.>
- [FGCatchUrl]
- {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, N/A>
- [CImWebObj Object]
- {5C56F4A7-71FC-4FFD-A9D7-18FB87A9DFC6} <d:\Program Files\5Q\校园通\5QImWeb2009.dll, 5Q校内网>
- [番茄工具条3.1.5]
- {6451F285-9E41-4D8C-813D-794CA7BFEAB4} <C:\WINDOWS\system32\IETool.dll, N/A>
- [Microsoft Shell UI Helper]
- {64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
- [AUDIO__MID Moniker Class]
- {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
- [AUDIO__MP3 Moniker Class]
- {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
- [AUDIO__X_MS_WMA Moniker Class]
- {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
- [Shockwave Flash Object]
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
- [SrchHook Class]
- {F08555B0-9CC3-11D2-AA8E-000000000000} <C:\WINDOWS\system32\IEBHO.dll, >
- [FlashGet GetFlash Class]
- {F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, N/A>
- [XML HTTP]
- {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
- [FGCatchUrl]
- {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <C:\Program Files\FlashGet\jccatch.dll, N/A>
- [添加到QQ表情]
- <d:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
- ==================================
- 正在运行的进程
- [PID: 652][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 728][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [E:\软件\安全防护\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33]
- [PID: 760][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 7.0.0.60]
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [E:\软件\安全防护\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33]
- [PID: 1672][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
- [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
- [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
- [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [E:\软件\安全防护\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33]
- [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
- [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
- [C:\Program Files\WinRAR\rarext.dll] [N/A, ]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll] [Kaspersky Lab, 7.0.0.60]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
- [E:\软件\安全防护\WINDOW~1.8上\ftcsetup\Commenu.dll] [Fygsoft and Microsoft, 3.0.0.63]
- [C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.9136]
- [C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.9136]
- [C:\WINDOWS\system32\nvshell.dll] [, ]
- [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll] [Anti-Malware Development a.s., 7, 5, 0, 49]
- [C:\WINDOWS\system32\wpdshext.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
- [C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prremote.dll] [Kaspersky Lab, 7.0.0.60]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prloader.dll] [Kaspersky Lab, 7.0.0.60]
- [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [Anti-Malware Development a.s., 7, 5, 0, 47]
- [PID: 1816][E:\软件\安全防护\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\Trojanwall.exe] [风云谷, 4.7.0.1405]
- [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
- [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
- [E:\软件\安全防护\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\ftcapi.dll] [fygsoft, 1.0.0.0]
- [E:\软件\安全防护\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33]
- [E:\软件\安全防护\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\PSAPI.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [PID: 1832][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe] [Anti-Malware Development a.s., 7, 5, 0, 50]
- [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll] [Anti-Malware Development a.s., 4, 2, 0, 15]
- [E:\软件\安全防护\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33]
- [PID: 1920][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [E:\软件\安全防护\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33]
- [PID: 2236][C:\Program Files\锐捷网络\Ruijie Supplicant\8021x.exe] [锐捷网络, 3, 2, 0, 0]
- [C:\WINDOWS\system32\W32N50.dll] [Printing Communications Assoc., Inc. (PCAUSA), 5.03.16.54]
- [E:\软件\安全防护\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33]
- [C:\PROGRA~1\锐捷网络\RUIJIE~1\EXRGPA~1.OCX] [锐捷网络, 1, 0, 0, 1]
- [C:\PROGRA~1\锐捷网络\RUIJIE~1\HIDetect.dll] [锐捷网络, 1, 0, 0, 1]
- [C:\PROGRA~1\锐捷网络\RUIJIE~1\Vx_API.dll] [锐捷网络, 1, 0, 0, 1]
- [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
- [PID: 2728][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [E:\软件\安全防护\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33]
- [PID: 3964][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
- [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
- [E:\软件\安全防护\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33]
- [C:\WINDOWS\system32\IEFRAME.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
- [C:\WINDOWS\system32\IEUI.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
- [C:\WINDOWS\system32\xmllite.dll] [Microsoft Corporation, 1.00.1018.0]
- [C:\Program Files\Internet Explorer\ieproxy.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
- [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
- [C:\WINDOWS\system32\IETool.dll] [N/A, ]
- [C:\WINDOWS\system32\IEBHO.dll] [, 1, 0, 0, 1]
- [C:\WINDOWS\system32\ieapfltr.dll] [Microsoft Corporation, 7.0.6000.16461]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.60]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\klscav.dll] [Kaspersky Lab, 7.0.0.60]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prremote.dll] [Kaspersky Lab, 7.0.0.60]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prloader.dll] [Kaspersky Lab, 7.0.0.60]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prkernel.ppl] [Kaspersky Lab, 7.0.0.60]
- [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\params.ppl] [Kaspersky Lab, 7.0.0.60]
- [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\pxstub.ppl] [Kaspersky Lab, 7.0.0.60]
- [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\tempfile.ppl] [Kaspersky Lab, 7.0.0.60]
- [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\nfio.ppl] [Kaspersky Lab, 7.0.0.60]
- [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\fsdrvplg.ppl] [Kaspersky Lab, 7.0.0.60]
- [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\basegui.ppl] [Kaspersky Lab, 7.0.0.60]
- [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\thpimpl.ppl] [Kaspersky Lab, 7.0.0.60]
- [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\FSSync.dll] [Kaspersky Lab, 7.0.5.60]
- [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\winreg.ppl] [Kaspersky Lab, 7.0.0.60]
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
- [C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL] [Anti-Malware Development a.s., 1.0.0.4]
- [C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Z1QCLGLC\engine[1].dll] [Anti-Malware Development a.s., 4, 2, 0, 15]
- [PID: 3056][G:\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
- [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
- [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
- [E:\软件\安全防护\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33]
- ==================================
- 文件关联
- .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .EXE OK. ["%1" %*]
- .COM OK. ["%1" %*]
- .PIF OK. ["%1" %*]
- .REG OK. [regedit.exe "%1"]
- .BAT OK. ["%1" %*]
- .SCR OK. ["%1" /S]
- .CHM Error. ["hh.exe" %1]
- .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
- .INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
- .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .LNK OK. [{00021401-0000-0000-C000-000000000046}]
- ==================================
- Winsock 提供者
- N/A
- ==================================
- Autorun.inf
- N/A
- ==================================
- HOSTS 文件
- 127.0.0.1 localhost
- ==================================
- API HOOK
- 入口点错误:FreeLibrary (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0x5F00002D)
- ==================================
- 隐藏进程
- N/A
- ==================================
复制代码
[ 本帖最后由 fingerling 于 2007-5-23 06:33 编辑 ] |