
What kind of virus is NSPack? Please help: it is on every drive, and my online game account was stolen too (HijackThis scan attached)

feiyutzl
Posted on 2007-6-23 15:18:17
已删除: 病毒 Packed.Win32.NSAnti.p        文件: C:\DOCUME~1\feiyutzl\LOCALS~1\Temp\Msxo0.dll
已删除: 病毒 Invader (修改)        文件: D:\QQ包\qq\ACodec.cfg//NSPack
已删除: 病毒 Invader (修改)        文件: D:\QQ包\qq\ausdl.cfg//NSPack
已删除: 病毒 Invader (修改)        文件: D:\QQ包\qq\ACodec.ini//NSPack
已删除: 病毒 Invader (修改)        文件: D:\QQ包\qq\BasicCtrlDll.cfg//NSPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.fq        文件: C:\Documents and Settings\feiyutzl\Local Settings\Temp\iexp10re.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.fq        文件: C:\Documents and Settings\feiyutzl\Local Settings\Temporary Internet Files\Content.IE5\QHWXG9EJ\data2[1].bin
已删除: 病毒 Invader (修改)        文件: E:\传奇\热血传奇\SDDynSec.drv//NSPack
已删除: 病毒 Invader (修改)        文件: C:\WINDOWS\system32\mswsock30.dll//NSPack
已删除: 病毒 Invader (修改)        文件: D:\QQ包\QQ\ausdln.cfg//NSPack
已删除: 病毒 Invader (修改)        文件: D:\QQ包\QQ游戏\hcq.ini//NSPack
已删除: 病毒 Invader (修改)        文件: D:\QQ包\QQ游戏\DdzRpg\2DEngineDll.ini//NSPack
已删除: 病毒 Invader (修改)        文件: D:\QQ包\QQ游戏\NewsjRpg\NewsjRpg.ini//NSPack
已删除: 病毒 Invader (修改)        文件: D:\QQ包\QQ游戏\Update\ResEx.cfg//NSPack
已删除: 病毒 Invader (修改)        文件: D:\QQ包\腾讯QQ2007 B2KB1 海峰实用版\ACodec.cfg//NSPack
已删除: 病毒 Invader (修改)        文件: D:\QQ包\腾讯QQ2007 Beta2 兔兔修改版\Tencent-v6.3\AddrImportHelper.ini//NSPack
已删除: 病毒 Invader (修改)        文件: D:\QQ包\腾讯QQ2007 Beta2 兔兔修改版\Tencent-v6.3\QQGame\CardRes.ini//NSPack
已删除: 病毒 Invader (修改)        文件: E:\浩方对站平台\ChannelManager.cfg//NSPack
已检测到: 风险软件 Invader        运行进程: E:\传奇\热血传奇\Dyntmp1.dat


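I have Kaspersky Internet Security 7.0 installed. It can detect this, but it cannot clean it out completely; whenever I am not paying attention it pops up again. I have reinstalled the system many times and cannot find where this thing comes from.
I hope someone who knows can tell me what this "NSPack" is and how to remove it completely.
It has only been found on drive C and in the folders where QQ, 浩方 (Haofang) and 传奇 (Legend of Mir) are installed!


HijackThis scan results are below; the sreng2 log is in post #9.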


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:20:13, on 2007-6-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Resources\Themes\CalSprite\CalSprite.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
F:\HijackThis\HiJackThis v2.0.exe

O2 - BHO: QQCycloneHelper - {00000000-12C9-4305-82F9-43058F20E8D2} - D:\QQ包\QQDownload\QQIEHelper01.dll
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - F:\超级兔子\haokanbar.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - F:\迅雷(Thunder)\ComDlls\XunLeiBHO_004.dll
O3 - Toolbar: (no name) - #{43869BB3-22FD-4F15-9B46-238106BA2F4E} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SKYNET Personal FireWall] F:\安装程序\天网防火墙\天网防火墙\PFW.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CalSprite] C:\WINDOWS\Resources\Themes\CalSprite\CalSprite.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O8 - Extra context menu item: &使用超级旋风下载 - D:\QQ包\QQDownload\geturl.htm
O8 - Extra context menu item: &使用超级旋风下载全部链接 - D:\QQ包\QQDownload\getAllurl.htm
O8 - Extra context menu item: &使用迅雷下载 - F:\迅雷(Thunder)\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - F:\迅雷(Thunder)\Program\GetAllUrl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 让卡巴斯基阻止该广告 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\浩方对站平台\GameClient.exe
O9 - Extra button: Web 防护 统计 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O14 - IERESET.INF: START_PAGE_URL=about:blank
O15 - Trusted Zone: http://*.localhost
O16 - DPF: {6A9735F1-72AA-49E9-9981-A13C3FD8641B} (WuYou.WySystem) - http://localhost/webexam/Activex/WySystem.cab
O16 - DPF: {E847C78C-C210-4195-8799-FBF3BF89797D} (金山毒霸在线产品升级) - http://scan.www.duba.net/duba/download/install/onlinescan/KOSInit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31A3514E-F7D3-419E-A4B4-8F224239BBE6}: NameServer = 202.103.96.112
O17 - HKLM\System\CS1\Services\Tcpip\..\{31A3514E-F7D3-419E-A4B4-8F224239BBE6}: NameServer = 202.103.96.112
O17 - HKLM\System\CS2\Services\Tcpip\..\{31A3514E-F7D3-419E-A4B4-8F224239BBE6}: NameServer = 202.103.96.112
O22 - SharedTaskScheduler: Browseui 预加载程序 - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: 组件类别缓存程序 - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 卡巴斯基互联网安全套装 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4327 bytes

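[ Last edited by feiyutzl on 2007-6-24 20:59 ]
zerosu6652
Posted on 2007-6-23 15:24:33
NSPack probably means that a malicious program has been injected.
feiyutzl
Original poster | Posted on 2007-6-23 15:32:41
Thanks for the answer. Do you know how to clean it out completely?
zerosu6652
Posted on 2007-6-23 15:40:11
That looks like an "unofficial build"; better not to use that thing.
It should be possible to remove it.
If it cannot be removed, use IceSword (冰刃) or UNLOCKER from the pinned thread to delete it in safe mode.

[ Last edited by zerosu6652 on 2007-6-23 15:43 ]
wangjay1980
Posted on 2007-6-23 15:40:41
NSPack is the name of a packer. Please run the antivirus scan in safe mode first.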
amdme
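Posted on 2007-6-23 17:34:49
Boot into safe mode and run a full-disk scan; once all the infected files have been cleaned, you will be fine~

I got hit by this once. If QQ is infected, it will automatically download viruses from the internet as soon as you log in to QQ..

And although Kaspersky detects that what is being downloaded is a virus and blocks it, it still seems to get downloaded; I can't figure it out.
feiyutzl
Original poster | Posted on 2007-6-24 07:40:34
Could an expert please take a look at the HijackThis scan results~
zerosu6652
Posted on 2007-6-24 07:47:18
A Tomato Garden (番茄花园) system?
I suggest not using Tomato Garden's system.
(P.S.: please scan with SRE from the pinned thread.)
feiyutzl
Original poster | Posted on 2007-6-24 20:54:24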


  1. 2007-06-24,20:59:39

  2. System Repair Engineer 2.4.12.806
  3. Smallfrogs (http://www.KZTechs.com)

  4. Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

  5. 以下内容被选中:
  6.     所有的启动项目(包括注册表、启动文件夹、服务等)
  7.     浏览器加载项
  8.     正在运行的进程(包括进程模块信息)
  9.     文件关联
  10.     Winsock 提供者
  11.     Autorun.inf
  12.     HOSTS 文件


  13. 启动项目
  14. 注册表
  15. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  16.     <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
  17.     <CalSprite><C:\WINDOWS\Resources\Themes\CalSprite\CalSprite.exe>  [SnowFox Studio.]
  18. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  19.     <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
  20.     <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe">  [(Verified)Kaspersky Lab]
  21.     <SKYNET Personal FireWall><C:\PROGRA~1\SkyNet\FireWall\pfw.exe>  [广州众达天网技术有限公司]
  22. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  23.     <shell><Explorer.exe>  [(Verified)]
  24.     <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
  25.     <UIHost><C:\WINDOWS\system32\XPSTYLE_ThemePackage\Logonui.exe>  [Microsoft Corporation]
  26. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
  27.     <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><F:\eWido\shellexecutehook.dll>  [(Verified)GRISOFT LTD]
  28. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
  29.     <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [(Verified)Kaspersky Lab]

  30. ==================================
  31. 启动文件夹
  32. N/A

  33. ==================================
  34. 服务
  35. [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  36.   <F:\eWido\guard.exe><GRISOFT s.r.o.>
  37. [卡巴斯基互联网安全套装 7.0 / AVP][Stopped/Auto Start]
  38.   <"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r><Kaspersky Lab>
  39. [Human Interface Device Access / HidServ][Stopped/Disabled]
  40.   <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
  41. [InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  42.   <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
  43. [NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  44.   <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>

  45. ==================================
  46. 驱动程序
  47. [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  48.   <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
  49. [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  50.   <\??\F:\eWido\guard.sys><N/A>
  51. [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  52.   <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
  53. [kl1 / kl1][Running/Boot Start]
  54.   <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
  55. [klif / klif][Running/System Start]
  56.   <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
  57. [Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
  58.   <system32\DRIVERS\klim5.sys><Kaspersky Lab>
  59. [npkcrypt / npkcrypt][Stopped/Manual Start]
  60.   <\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
  61. [npkycryp / npkycryp][Stopped/Manual Start]
  62.   <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
  63. [nv / nv][Running/Manual Start]
  64.   <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
  65. [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  66.   <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
  67. [Secdrv / Secdrv][Stopped/Manual Start]
  68.   <system32\DRIVERS\secdrv.sys><N/A>
  69. [SKNFW / SKNFW][Running/System Start]
  70.   <\??\C:\WINDOWS\system32\Drivers\SKNFW.sys><N/A>
  71. [SkyProcs / SkyProcs][Running/Manual Start]
  72.   <\??\C:\PROGRA~1\SkyNet\FireWall\SkyProcs.sys><N/A>
  73. [viamraid / viamraid][Running/Boot Start]
  74.   <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
  75. [NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter / yukonwxp][Running/Manual Start]
  76.   <system32\DRIVERS\yukonwxp.sys><Marvell Semiconductor Inc.>

  77. ==================================
  78. 浏览器加载项
  79. [QQCycloneHelper Class]
  80.   {00000000-12C9-4305-82F9-43058F20E8D2} <D:\QQ包\QQDownload\QQIEHelper01.dll, 腾讯公司>
  81. [超级兔子上网精灵]
  82.   {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <F:\超级兔子\haokanbar.dll, Xiang Feng Technology>
  83. []
  84.   {889D2FEB-5411-4565-8998-1DD2C5261283} <F:\迅雷(Thunder)\ComDlls\XunLeiBHO_004.dll, Thunder Networking Technologies,LTD>
  85. [浩方对战平台]
  86.   {0A155D3C-68E2-4215-A47A-E800A446447A} <E:\浩方对站平台\GameClient.exe, 上海浩方在线信息技术有限公司>
  87. [Web 防护 统计]
  88.   {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll, Kaspersky Lab>
  89. [番茄花园]
  90.   {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
  91. [WuYou.WySystem]
  92.   {6A9735F1-72AA-49E9-9981-A13C3FD8641B} <D:\初级会计电算化考试练习系统\wyocxdll\WYSYSTEM.OCX, WuYou Computer Cor>
  93. [QQCycloneHelper Class]
  94.   {00000000-12C9-4305-82F9-43058F20E8D2} <D:\QQ包\QQDownload\QQIEHelper01.dll, 腾讯公司>
  95. [Windows Media Player]
  96.   {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
  97. [Microsoft Rich Textbox Control 6.0 (SP6)]
  98.   {3B7C8860-D78F-101B-B9B5-04021C009402} <C:\WINDOWS\system32\richtx32.ocx, Microsoft Corporation>
  99. [超级兔子上网精灵]
  100.   {43869BB3-22FD-4F15-9B46-238106BA2F4E} <F:\超级兔子\haokanbar.dll, Xiang Feng Technology>
  101. [WuYou.WySystem]
  102.   {6A9735F1-72AA-49E9-9981-A13C3FD8641B} <D:\初级会计电算化考试练习系统\wyocxdll\WYSYSTEM.OCX, WuYou Computer Cor>
  103. [超级兔子上网精灵]
  104.   {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <F:\超级兔子\haokanbar.dll, Xiang Feng Technology>
  105. []
  106.   {889D2FEB-5411-4565-8998-1DD2C5261283} <F:\迅雷(Thunder)\ComDlls\XunLeiBHO_004.dll, Thunder Networking Technologies,LTD>
  107. [Xceed Zip Control]
  108.   {B26F6246-4C7D-11D1-910E-00600807163F} <D:\初级会计电算化考试练习系统\webexam\activex\xcdzip35.ocx, Xceed Software Inc.     1-450-442-2626     zip@xceedsoft.com     www.xceedsoft.com>
  109. [SearchAssistantOC]
  110.   {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
  111. [RDS.DataSpace]
  112.   {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
  113. [Shockwave Flash Object]
  114.   {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
  115. [&使用超级旋风下载]
  116.   <D:\QQ包\QQDownload\geturl.htm, N/A>
  117. [&使用超级旋风下载全部链接]
  118.   <D:\QQ包\QQDownload\getAllurl.htm, N/A>
  119. [&使用迅雷下载]
  120.   <F:\迅雷(Thunder)\Program\GetUrl.htm, N/A>
  121. [&使用迅雷下载全部链接]
  122.   <F:\迅雷(Thunder)\Program\GetAllUrl.htm, N/A>
  123. [上传到QQ网络硬盘]
  124.   <, N/A>
  125. [导出到 Microsoft Office Excel(&X)]
  126.   <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
  127. [添加到QQ自定义面板]
  128.   <, N/A>
  129. [添加到QQ表情]
  130.   <, N/A>
  131. [用QQ彩信发送该图片]
  132.   <, N/A>

  133. ==================================
  134. 正在运行的进程
  135. [PID: 464][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  136. [PID: 528][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  137. [PID: 1468][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
  138.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.120]
  139.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll]  [Kaspersky Lab, 7.0.0.120]
  140.     [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.8340]
  141.     [F:\eWido\shellexecutehook.dll]  [GRISOFT s.r.o., 7, 5, 1, 36]
  142. [PID: 1668][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  143. [PID: 1676][C:\WINDOWS\Resources\Themes\CalSprite\CalSprite.exe]  [SnowFox Studio., 1.5.4.54]
  144.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.120]
  145. [PID: 3432][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
  146. [PID: 1596][D:\QQ包\QQ\QQ.exe]  [TENCENT, 7,0,313,1681]
  147.     [D:\QQ包\QQ\CoralAssist.dll]  [Coral Team, 5.0.0 build 20060829]
  148.     [D:\QQ包\QQ\CoralQQ.dll]  [Coral Team, 5.0.1a Build 20070620]
  149.     [D:\QQ包\QQ\kql.dll]  [Coral Team, 5.0.1a build 20070620]
  150.     [D:\QQ包\QQ\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
  151.     [D:\QQ包\QQ\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
  152.     [D:\QQ包\QQ\ipsearcher.dll]  [, 1.0.0.3]
  153.     [D:\QQ包\QQ\QQBaseClassInDll.dll]  [TENCENT, 7,0,313,1681]
  154.     [D:\QQ包\QQ\QQHelperDll.dll]  [TENCENT, 7,0,313,1681]
  155.     [D:\QQ包\QQ\BasicCtrlDll.dll]  [TENCENT, 7, 0, 225, 1651]
  156.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.120]
  157.     [D:\QQ包\QQ\NoDisturbFilter.cqx]  [Coral Team, 1.0]
  158.     [D:\QQ包\QQ\ConfigHotkey.cqx]  [Coral Team, 1.0]
  159.     [D:\QQ包\QQ\QQAPI.dll]  [TENCENT, 7,0,313,1681]
  160.     [D:\QQ包\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
  161.     [D:\QQ包\QQ\AutoReconnect.cqx]  [Coral Team, 1.0.0]
  162.     [D:\QQ包\QQ\LoginCtrl.dll]  [TENCENT, 7,0,313,1681]
  163.     [D:\QQ包\QQ\LoginCtrlRes.dll]  [TENCENT, 7,0,313,1681]
  164.     [D:\QQ包\QQ\QQRes.dll]  [TENCENT, 7,0,313,1681]
  165.     [D:\QQ包\QQ\MailSummary.dll]  [TENCENT, 7,0,313,1681]
  166.     [D:\QQ包\QQ\QQMainFrame.dll]  [N/A, ]
  167.     [D:\QQ包\QQ\CQQApplication.dll]  [N/A, ]
  168.     [D:\QQ包\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
  169.     [D:\QQ包\QQ\NewSkin.dll]  [TENCENT, 7,0,313,1681]
  170.     [D:\QQ包\QQ\HostingMgr.dll]  [TENCENT, 7,0,313,1681]
  171.     [D:\QQ包\QQ\CameraDll.dll]  [TENCENT, 7,0,313,1681]
  172.     [D:\QQ包\QQ\CoralHotkey.cqx]  [Coral Team, 1.0]
  173.     [D:\QQ包\QQ\QQKnowledgeSearch.dll]  [TENCENT, 7,0,313,1681]
  174.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.120]
  175.     [D:\QQ包\QQ\QQAllInOne.dll]  [TENCENT, 7,0,313,1681]
  176.     [D:\QQ包\QQ\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
  177.     [D:\QQ包\QQ\QQSpace.dll]  [TENCENT, 7,0,313,1681]
  178.     [C:\WINDOWS\system32\msdmo.dll]  [, ]
  179.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll]  [Kaspersky Lab, 7.0.0.120]
  180.     [D:\QQ包\QQ\QQGroupMng.dll]  [TENCENT, 7,0,313,1681]
  181.     [D:\QQ包\QQ\QQSettingCtrl.dll]  [TENCENT, 7,0,313,1681]
  182.     [D:\QQ包\QQ\QQSysMsgMng.dll]  [N/A, ]
  183.     [D:\QQ包\QQ\UserDefinedHead.dll]  [TENCENT, 7,0,313,1681]
  184.     [D:\QQ包\QQ\QQPlugin.dll]  [N/A, ]
  185.     [D:\QQ包\QQ\QQConfigPlugin.dll]  [TENCENT, 7,0,313,1681]
  186.     [D:\QQ包\QQ\QQAvatar.dll]  [N/A, ]
  187.     [D:\QQ包\QQ\LongConnection.dll]  [TENCENT, 7,0,313,1681]
  188.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll]  [Kaspersky Lab, 7.0.0.120]
  189.     [D:\QQ包\QQ\QQCustomFace.dll]  [N/A, ]
  190.     [D:\QQ包\QQ\QRingMng.dll]  [N/A, ]
  191.     [D:\QQ包\QQ\QQPet.dll]  [TENCENT, 7,0,313,1681]
  192.     [D:\QQ包\QQ\PhoneAPI.dll]  [TENCENT, 7,0,313,1681]
  193.     [D:\QQ包\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
  194.     [D:\QQ包\QQ\QQFileTransfer.dll]  [TENCENT, 7,0,313,1681]
  195.     [D:\QQ包\QQ\BQQApplication.dll]  [N/A, ]
  196.     [D:\QQ包\QQ\PersonalDesktop.dll]  [TENCENT, 7,0,313,1681]
  197.     [D:\QQ包\QQ\CommercesMng.dll]  [TENCENT, 7,0,313,1681]
  198.     [D:\QQ包\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 310]
  199.     [D:\QQ包\QQ\QQSceneMng.dll]  [N/A, ]
  200.     [D:\QQ包\QQ\AddrSearch.dll]  [腾讯科技(深圳)有限公司, 2, 1, 9, 93]
  201.     [C:\WINDOWS\system32\l3codeca.acm]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
  202.     [D:\QQ包\QQ\ImageOle.dll]  [TENCENT, 7,0,313,1681]
  203.     [D:\QQ包\QQ\QQLiveQMng.dll]  [TENCENT, 7,0,313,1681]
  204.     [D:\QQ包\QQ\QQMagicFace.dll]  [TENCENT, 7,0,313,1681]
  205.     [D:\QQ包\QQ\GroupConnection.dll]  [TENCENT, 7,0,313,1681]
  206.     [D:\QQ包\QQ\QQZip.dll]  [TENCENT, 7,0,313,1681]
  207.     [C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc., 9,0,45,0]
  208. [PID: 2356][D:\QQ包\QQ\TIMPlatform.exe]  [TENCENT, 7,0,313,1681]
  209.     [D:\QQ包\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
  210. [PID: 4080][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  211. [PID: 2580][D:\千千静听\TTPlayer.exe]  [Alen Soft, 4, 6, 9, 0]
  212.     [D:\千千静听\ttpcomm.dll]  [N/A, ]
  213.     [D:\千千静听\ttpres.dll]  [Alen Soft, 4, 6, 9, 0]
  214.     [D:\千千静听\msdmo.dll]  [Microsoft Corporation, 6.03.01.0400]
  215.     [D:\千千静听\AddIn\ttp_asf.dll]  [N/A, ]
  216.     [D:\千千静听\AddIn\ttp_aac.dll]  [N/A, ]
  217.     [D:\千千静听\AddIn\ttp_ac3dts.dll]  [N/A, ]
  218.     [C:\DOCUME~1\feiyutzl\LOCALS~1\Temp\~e5.0001]  [Macrovision Europe Ltd., 1, 0, 0, 1]
  219.     [C:\DOCUME~1\feiyutzl\LOCALS~1\Temp\~e5.0001.dir.0000\~df394b.tmp]  [N/A, ]
  220.     [C:\DOCUME~1\feiyutzl\LOCALS~1\Temp\~e5.0001]  [Macrovision Europe Ltd., 1, 0, 0, 1]
  221.     [C:\DOCUME~1\feiyutzl\LOCALS~1\Temp\~e5.0001.dir.0001\~df394b.tmp]  [N/A, ]
  222. [PID: 3764][D:\QQ包\TT\TTraveler.exe]  [腾讯公司, 3, 3, 200, 290]
  223.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.120]
  224.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll]  [Kaspersky Lab, 7.0.0.120]
  225.     [D:\QQ包\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll]  [腾讯公司, 1, 1, 0, 5]
  226.     [D:\QQ包\TT\Plugins\TWeather\TWeather.dll]  [, 1, 0, 0, 3]
  227.     [D:\QQ包\TT\TTNetFavor.dll]  [N/A, ]
  228.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\klscav.dll]  [Kaspersky Lab, 7.0.0.120]
  229.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
  230.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll]  [Kaspersky Lab, 7.0.0.120]
  231.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.120]
  232. [PID: 2988][F:\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
  233.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.120]
  234.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll]  [Kaspersky Lab, 7.0.0.120]
  235.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.120]
  236.     [F:\sreng2\Plugins\NWMON.SRE]  [Smallfrogs Studio, 1, 0, 0, 8]

  237. ==================================
  238. 文件关联
  239. .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  240. .EXE  OK. ["%1" %*]
  241. .COM  OK. ["%1" %*]
  242. .PIF  OK. ["%1" %*]
  243. .REG  OK. [regedit.exe "%1"]
  244. .BAT  OK. ["%1" %*]
  245. .SCR  OK. ["%1" /S]
  246. .CHM  OK. ["C:\WINDOWS\hh.exe" %1]
  247. .HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
  248. .INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  249. .INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  250. .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  251. .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  252. .LNK  OK. [{00021401-0000-0000-C000-000000000046}]

  253. ==================================
  254. Winsock 提供者
  255. N/A

  256. ==================================
  257. Autorun.inf
  258. N/A

  259. ==================================
  260. HOSTS 文件
  261. 127.0.0.1       localhost

  262. ==================================
  263. API HOOK
  264. RVA  错误: LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF5657AF0)
  265. RVA  错误: LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF5657CD0)
  266. RVA  错误: LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF5657E30)
  267. RVA  错误: LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF5657BE0)
  268. RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xF5657DE0)

  269. ==================================
  270. 隐藏进程
  271. N/A

  272. ==================================


feiyutzl
Original poster | Posted on 2007-6-24 20:54:41
0

[ Last edited by feiyutzl on 2007-6-24 21:00 ]