張小奇, 2007-02-20 18:19, original poster:
Could someone tell me how to clean this infection? Trojan-PSW.Win32.Nilage.awo showed up on the first scan right after I reinstalled today. How do I get rid of it and prevent it? I looked it up and it is a Trojan. PS: I downloaded this version of XP (WINXP PRO CHT SP2) from the net, and the scanner has kept flagging it ever since.
andy33448, 2007-02-22 09:25, #1:
It may have been infected when the disc was burned, or it may already be inside the ISO. There is nothing you can do about that, since it is locked in there already. Better switch to a different version; use this disc as a coaster.
ajdfajdfl, 2007-03-16 19:55, #2:
Here is how to remove the Trojan Trojan-PSW.Win32.Nilage.awo:

I. Terminate the Trojan process
1. First open Task Manager (Ctrl+Alt+Del).
2. Find svchost.exe (there are several; the one whose "User Name" is your own account name is the Trojan in disguise).
3. Right-click it and choose End Process.

II. Remove the registry entry so it no longer starts
1. Start > Run > type regedit (this opens the Registry Editor).
2. Go to the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. On the right, the value Userinit contains C:\WINDOWS\system32\userinit.exe,C:\Program files\Windows Media Player\Svchost.exe
3. Double-click the value and delete the ",C:\Program files\......Svchost.exe" part of the value data, then close the editor.

III. Delete the Trojan file
1. Open the folder C:\Program files\Windows Media Player
2. Delete Svchost there and you are done.
彗星風采, 2007-03-16 22:40, #3:
I suggest you run a full system scan in Safe Mode and see whether that removes the Trojan. If the problem persists, please post the detection name and full path reported by your antivirus, and use the pinned tool to produce an SREng report and paste it here so it can be analysed.
gunstyle, 2007-09-03 11:43, #4:
I am also one of the Nilage victims. After seeing the solution above I wanted to try it, but I do not know which scvhost entry to delete (probably because when I installed XP I just kept clicking Next, so it is the default name). So which scvhost is the one I should delete? Thanks.
彗星風采, 2007-09-03 12:31, #5:
Quoting gunstyle's post of 2007-09-03 11:43, Re: How do I completely clean this infection, Trojan-PSW.Win32.Nilage.:
If you did not mistype the name, scvhost is definitely a problem file, so it can be deleted in any case. The legitimate one is svchost.
gunstyle, 2007-09-03 13:10, #6:
Quoting 彗星風采's post of 2007-09-03 12:31, Re: Re: How do I completely clean this infection, Trojan-PSW.Win32.Nilage.:
Yes, I typed it wrong; my memory is not very good. When I open Task Manager there are many svchost entries with different user names, and I do not know which svchost to kill. Among them I found two with the same user name, listed as "system", using 2028K and 5084K of memory respectively. Are those two the problem? The remaining svchost entries run as "NETWORK SERVICE" (there are two of those as well), and the last one as "LOCAL SERVICE". Thanks a lot; could you help me sort this out? Thank you.
彗星風采, 2007-09-03 14:02, #7:
Quoting gunstyle's post of 2007-09-03 13:10, Re: Re: Re: How do I completely clean this infection, Trojan-PSW.Win32.Nilage.:
I suggest you use the tool IceSword, switch to Processes mode, and check where each svchost.exe is located. If one is not under C:\WINDOWS\system32, it is definitely suspect.
gunstyle, 2007-09-05 09:30, #8:

2007-09-05,02:14:57
System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - administrator account - full functionality

The following items were selected:
All startup items (registry, Startup folder, services, etc.)
Browser add-ons
Running processes (including process module information)
File associations
Winsock providers
Autorun.inf
HOSTS file
Process privilege scan

Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<avgnt><"C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min> [Avira GmbH]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]

==================================
Startup folder
N/A

==================================
Services
[AntiVir PersonalEdition Classic Scheduler / AntiVirScheduler][Running/Auto Start] <"C:\Program Files\AntiVir PersonalEdition Classic\sched.exe"><Avira GmbH>
[AntiVir PersonalEdition Classic Guard / AntiVirService][Running/Auto Start] <"C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe"><Avira GmbH>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start] <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[PDEngine / PDEngine][Stopped/Manual Start] <"C:\Program Files\Raxco\PerfectDisk\PDEngine.exe"><Raxco Software, Inc.>
[PDScheduler / PDSched][Running/Auto Start] <"C:\Program Files\Raxco\PerfectDisk\PDSched.exe"><Raxco Software, Inc.>

==================================
Drivers
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[avgio / avgio][Running/System Start] <\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys><Avira GmbH>
[avgntflt / avgntflt][Running/Manual Start] <\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys><Avira GmbH>
[avipbb / avipbb][Running/System Start] <system32\DRIVERS\avipbb.sys><Avira GmbH>
[nv / nv][Running/Manual Start] <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Padus ASPI Shell / pfc][Running/Manual Start] <system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start] <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start] <system32\DRIVERS\secdrv.sys><N/A>
[ssmdrv / ssmdrv][Running/System Start] <system32\DRIVERS\ssmdrv.sys><Avira GmbH>
[NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwxp][Running/Manual Start] <system32\DRIVERS\yk51x86.sys><Marvell>

==================================
Browser add-ons
[AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[NTIECatcher Class] {C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[ALiBaBar_Helper] {CE439C63-384A-747A-A357-23D96B5D652B} <C:\PROGRA~1\ALiBaBar\ALiBaBar.dll, Alfred, C. S. Li>
[ALiBaBar] {0A1375E1-56C2-11D6-8E45-8933A0FB5235} <C:\PROGRA~1\ALiBaBar\ALiBaBar.dll, Alfred, C. S. Li>
[AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[NTIECatcher Class] {C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[ALiBaBar_Helper] {CE439C63-384A-747A-A357-23D96B5D652B} <C:\PROGRA~1\ALiBaBar\ALiBaBar.dll, Alfred, C. S. Li>
[Download with Net Transport] <C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A>
[Download all links with Net Transport] <C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A>
[Clipboard text: Simplified > Traditional] <res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToTrad, N/A>
[Clipboard text: Traditional > Simplified] <res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToSim, N/A>
[Page: show in [Simplified]] <res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToSim, N/A>
[Page: show in [Traditional]] <res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToTrad, N/A>

==================================
Running processes
[PID: 588 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 656 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 680 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 732 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 744 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 912 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 988 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1164 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1248 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1428 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1476 / SYSTEM][C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe] [Avira GmbH, 7.00.00.52]
  [C:\Program Files\AntiVir PersonalEdition Classic\avevtlog.dll] [Avira GmbH, 7.00.00.18]
  [C:\Program Files\AntiVir PersonalEdition Classic\guardmsg.dll] [Avira GmbH, 7.00.10.01]
  [C:\Program Files\AntiVir PersonalEdition Classic\sqlite3.dll] [, 3, 3, 10, 0]
  [C:\Program Files\AntiVir PersonalEdition Classic\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
  [C:\Program Files\AntiVir PersonalEdition Classic\AVPREF.DLL] [Avira GmbH, 7.00.02.01]
  [C:\Program Files\AntiVir PersonalEdition Classic\SMTPLIB.DLL] [Avira GmbH, 1.2.0.13]
  [C:\Program Files\AntiVir PersonalEdition Classic\AVEWIN32.DLL] [Avira GmbH, 7.4.0.12]
[PID: 1804 / Administrator][C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe] [Avira GmbH, 7.00.04.05]
  [C:\Program Files\AntiVir PersonalEdition Classic\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0]
  [C:\Program Files\AntiVir PersonalEdition Classic\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
  [C:\Program Files\AntiVir PersonalEdition Classic\avgcmxp.dll] [Avira GmbH, 7.00.04.00]
  [C:\Program Files\AntiVir PersonalEdition Classic\AVWINLL.DLL] [Avira GmbH, 1.0.0.7]
[PID: 1824 / Administrator][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.0.30]
[PID: 1836 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1956 / SYSTEM][C:\Program Files\AntiVir PersonalEdition Classic\sched.exe] [Avira GmbH, 7.00.00.46]
  [C:\Program Files\AntiVir PersonalEdition Classic\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
  [C:\Program Files\AntiVir PersonalEdition Classic\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
  [C:\Program Files\AntiVir PersonalEdition Classic\schedr.dll] [Avira GmbH, 7.00.22.00]
  [C:\Program Files\AntiVir PersonalEdition Classic\avevtlog.dll] [Avira GmbH, 7.00.00.18]
  [C:\Program Files\AntiVir PersonalEdition Classic\sqlite3.dll] [, 3, 3, 10, 0]
[PID: 120 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 388 / SYSTEM][C:\Program Files\Raxco\PerfectDisk\PDSched.exe] [Raxco Software, Inc., 6, 0, 0, 34]
  [C:\Program Files\Raxco\PerfectDisk\PDCommon.dll] [Raxco Software, Inc., 6, 0, 0, 34]
  [C:\Program Files\Raxco\PerfectDisk\PDLangEN.dll] [Raxco Software, Inc., 6, 0, 0, 34]
  [C:\Program Files\Raxco\PerfectDisk\PDSchedPS.dll] [Raxco Software, Inc., 6, 0, 0, 34]
  [C:\Program Files\Raxco\PerfectDisk\PDEnginePS.dll] [Raxco Software, Inc., 6, 0, 0, 34]
  [C:\Program Files\Common Files\Raxco\AutoUpdps.dll] [Raxco Software, Inc., 6, 0, 0, 5]
[PID: 928 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 500 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2028 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 896 / Administrator][C:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 6.0.1.2003110300]
  [C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll] [Xi, 1.91.12]
  [C:\Program Files\Xi\NetTransport 2\MFC42.DLL] [Microsoft Corporation, 6.00.9782.0]
  [C:\PROGRA~1\ALiBaBar\ALiBaBar.dll] [Alfred, C. S. Li, 4.0.3.0]
  [C:\Program Files\WinRAR\rarext.dll] [N/A, ]
  [C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll] [Avira GmbH, 7.00.00.10]
  [C:\Program Files\AntiVir PersonalEdition Classic\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0]
  [C:\Program Files\AntiVir PersonalEdition Classic\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
  [C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.3790.3646 built by: DNSRV(bld4act)]
[PID: 1716 / Administrator][C:\Program Files\AntiVir PersonalEdition Classic\avcenter.exe] [Avira GmbH, 7.01.00.05]
  [C:\Program Files\AntiVir PersonalEdition Classic\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0]
  [C:\Program Files\AntiVir PersonalEdition Classic\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
  [C:\Program Files\AntiVir PersonalEdition Classic\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
  [C:\Program Files\AntiVir PersonalEdition Classic\ccmainrc.dll] [Avira GmbH, 7.1.1.0]
  [C:\Program Files\AntiVir PersonalEdition Classic\ccguard.dll] [Avira GmbH, 7.00.01.21]
  [C:\Program Files\AntiVir PersonalEdition Classic\ccgrdrc.dll] [Avira GmbH, 7.0.2.0]
  [C:\Program Files\AntiVir PersonalEdition Classic\ccgen.dll] [Avira GmbH, 7.01.00.01]
  [C:\Program Files\AntiVir PersonalEdition Classic\ccgenrc.dll] [Avira GmbH, 7.1.0.0]
  [C:\Program Files\AntiVir PersonalEdition Classic\ccprofil.dll] [Avira GmbH, 7.01.00.06]
  [C:\Program Files\AntiVir PersonalEdition Classic\ccscanrc.dll] [Avira GmbH, 7.01.02.00]
  [C:\Program Files\AntiVir PersonalEdition Classic\cclic.dll] [Avira GmbH, 7.1.0.1]
  [C:\Program Files\AntiVir PersonalEdition Classic\cclicrc.dll] [Avira GmbH, 7.1.0.0]
  [C:\Program Files\AntiVir PersonalEdition Classic\ccquamgr.dll] [Avira GmbH, 7.01.00.05]
  [C:\Program Files\AntiVir PersonalEdition Classic\ccquarc.dll] [Avira GmbH, 7.1.0.0]
  [C:\Program Files\AntiVir PersonalEdition Classic\ccreport.dll] [Avira GmbH, 7.01.00.02]
  [C:\Program Files\AntiVir PersonalEdition Classic\ccreporc.dll] [Avira GmbH, 7.1.1.0]
  [C:\Program Files\AntiVir PersonalEdition Classic\ccsched.dll] [Avira GmbH, 7.01.00.04]
  [C:\Program Files\AntiVir PersonalEdition Classic\ccscherc.dll] [Avira GmbH, 7.1.1.0]
  [C:\Program Files\AntiVir PersonalEdition Classic\ccupdate.dll] [Avira GmbH, 7.01.00.01]
  [C:\Program Files\AntiVir PersonalEdition Classic\ccupdrc.dll] [Avira GmbH, 7.1.0.2]
  [C:\Program Files\AntiVir PersonalEdition Classic\ccev.dll] [Avira GmbH, 7.01.00.02]
  [C:\Program Files\AntiVir PersonalEdition Classic\ccevrc.dll] [Avira GmbH, 7.01.00.01]
  [C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.3790.3646 built by: DNSRV(bld4act)]
[PID: 1260 / Administrator][G:\20070820桌面資料\20070813桌面data\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
  [G:\20070820桌面資料\20070813桌面data\sreng2\Lang\1028.DLL] [System Repair Engineer, 2.5.16.900]
  [G:\20070820桌面資料\20070813桌面data\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers
N/A

==================================
Autorun.inf
[I:\]
[AutoRun]
open=ntdelect.com
;shell\open=Open(&O)
shell\open\Command=ntdelect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=ntdelect.com

==================================
HOSTS file
127.0.0.1 localhost

==================================
Process privilege scan
Special privilege granted: SeLoadDriverPrivilege [PID = 1476, C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE]
Special privilege granted: SeLoadDriverPrivilege [PID = 1804, C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\AVGNT.EXE]
Special privilege granted: SeLoadDriverPrivilege [PID = 1716, C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\AVCENTER.EXE]

==================================
API HOOK
N/A

==================================
Hidden processes
N/A
==================================
gunstyle, 2007-09-05 09:33, #9:
I forgot to add: the SREng report in #8 is from my home computer. I honestly cannot see anything wrong in it, and I do not know how to remove the virus. I still do not know what else I am infected with. Could you please have a look at what is wrong with my computer? Is it all the Nilage Trojan's doing? Thanks in advance.
upside, 2007-09-05 12:45, #10:
Autorun.inf
[I:\]
[AutoRun]
open=ntdelect.com
;shell\open=Open(&O)
shell\open\Command=ntdelect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=ntdelect.com
This is a USB-drive worm, commonly known as KAV0. I suggest switching to a different antivirus product and updating to the latest signatures; most of them can detect and remove it.
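What makes the autorun.inf quoted above dangerous is not the file itself but the commands Windows XP would run from it: `open=` on AutoPlay, and the `shell\<verb>\command=` entries whenever the drive is opened or explored from Explorer. The launch target, ntdelect.com, is named to pass for the XP boot-time file ntdetect.com. The following Python is an added example, not from the thread or from SREng: it parses an autorun.inf and lists every command the file would cause to run, so a drive can be triaged without inserting it into a live machine. The file content is constructed from the Autorun.inf section of the report in #8.

```python
"""List what an autorun.inf would execute (added example)."""
import re

# Constructed sample: the autorun.inf SREng dumped from drive I:\ in post #8.
SAMPLE_AUTORUN = """[AutoRun]
open=ntdelect.com
;shell\\open=Open(&O)
shell\\open\\Command=ntdelect.com
shell\\open\\Default=1
;shell\\explore=Manager(&X)
shell\\explore\\Command=ntdelect.com
"""

# Keys whose value is a command Windows runs; names are case-insensitive in autorun.inf.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)


def parse_autorun(text):
    """Return (entries, commented): entries is a list of (section, key, value) with
    section and key lower-cased; commented holds lines disabled with ';', which
    are worth keeping because malware often leaves earlier variants behind."""
    entries, commented, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(";"):
            commented.append(line[1:].strip())
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if "=" in line:
            key, _, value = line.partition("=")
            entries.append((section, key.strip().lower(), value.strip()))
    return entries, commented


def launch_targets(text):
    """Distinct commands that run on AutoPlay (open/shellexecute) or via shell verbs."""
    entries, _ = parse_autorun(text)
    return sorted({v for s, k, v in entries if s == "autorun" and LAUNCH_KEYS.match(k)})


def autorun_findings(text):
    """Human-readable triage lines for one drive's autorun.inf."""
    entries, commented = parse_autorun(text)
    findings = []
    for section, key, value in entries:
        if section != "autorun":
            continue
        if LAUNCH_KEYS.match(key):
            findings.append(f"{key} runs {value}")
        else:
            # e.g. shell\open\default=1: not a launch key by itself, but part of the
            # same marker and worth showing the analyst alongside the commands.
            findings.append(f"other AutoRun setting: {key}={value}")
    for line in commented:
        findings.append(f"disabled line kept in file: {line}")
    return findings


if __name__ == "__main__":
    print("launch targets:", launch_targets(SAMPLE_AUTORUN))
    for line in autorun_findings(SAMPLE_AUTORUN):
        print(" -", line)
```

A drive whose autorun.inf yields a non-empty `launch_targets` list deserves the same treatment as the file it points to: the payload is whatever the listed command resolves to in the drive's root, and deleting the .inf without the payload (or the other way round) leaves the pair to be recreated by the next infected host.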
gunstyle, 2007-09-05 15:12, #11:
Thank you. But my scans keep finding this, "W32/nilage.A.2". Is that KAVO as well? After reading around I believe it is a Trojan. I quarantined the EXE files it had infected, and then, because I needed the computer a while ago, I reinstalled and ended up deleting all my EXE files, so now I have no installers left. I am currently using the free AntiVir; do you have an antivirus to recommend?
gunstyle, 2007-09-05 21:47, #13:
Thanks! I have switched antivirus products. Below is the SREng scan I ran again after the virus scan. Could you check whether anything is still wrong? Thanks.

2007-09-05,21:43:37
System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - administrator account - full functionality

The following items were selected:
All startup items (registry, Startup folder, services, etc.)
Browser add-ons
Running processes (including process module information)
File associations
Winsock providers
Autorun.inf
HOSTS file
Process privilege scan

Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation]
<Yahoo! Pager><"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet> [(Verified)Yahoo! Inc.]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Publisher]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<nwiz><nwiz.exe /install> [NVIDIA Corporation]
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<CJIMETIPSYNC><C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync> [(Verified)Microsoft Corporation]
<PHIMETIPSYNC><C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync> [(Verified)Microsoft Corporation]
<AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"> [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll> [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]

==================================
Startup folder
N/A

==================================
Services
[ASP.NET State Service / aspnet_state][Stopped/Manual Start] <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Kaspersky Internet Security 7.0 / AVP][Running/Auto Start] <"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start] <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[PDEngine / PDEngine][Stopped/Manual Start] <"C:\Program Files\Raxco\PerfectDisk\PDEngine.exe"><Raxco Software, Inc.>
[PDScheduler / PDSched][Running/Auto Start] <"C:\Program Files\Raxco\PerfectDisk\PDSched.exe"><Raxco Software, Inc.>

==================================
Drivers
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[kl1 / kl1][Running/Boot Start] <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start] <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start] <system32\DRIVERS\klim5.sys><Kaspersky Lab>
[nv / nv][Running/Manual Start] <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Padus ASPI Shell / pfc][Running/Manual Start] <system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start] <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start] <system32\DRIVERS\secdrv.sys><N/A>
[SVKP / SVKP][Running/Auto Start] <\??\C:\WINDOWS\system32\SVKP.sys><AntiCracking>
[NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwxp][Running/Manual Start] <system32\DRIVERS\yk51x86.sys><Marvell>

==================================
Browser add-ons
[AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[NTIECatcher Class] {C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[Web Anti-Virus statistics] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll, Kaspersky Lab>
[Research(&R)] {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[a-squared Scanner] {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} <C:\WINDOWS\DOWNLO~1\asquared.ocx, Emsi Software GmbH>
[AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[NTIECatcher Class] {C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[Download with Net Transport] <C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A>
[Download all links with Net Transport] <C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A>
[Clipboard text: Simplified > Traditional] <res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToTrad, N/A>
[Clipboard text: Traditional > Simplified] <res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToSim, N/A>
[Export to Microsoft Office Excel(&X)] <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[Add to Anti-Banner] <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm, N/A>
[Page: show in [Simplified]] <res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToSim, N/A>
[Page: show in [Traditional]] <res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToTrad, N/A>

==================================
Running processes
[PID: 976 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1068 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1152 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1196 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1208 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 1376 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 1484 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 1600 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1700 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 1796 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1980 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
  [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0]
  [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0]
[PID: 380 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
  [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 6.0.1.2003110300]
  [C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll] [Xi, 1.91.12]
  [C:\Program Files\Xi\NetTransport 2\MFC42.DLL] [Microsoft Corporation, 6.00.9782.0]
  [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[PID: 572 / Administrator][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.0.30]
[PID: 600 / Administrator][C:\WINDOWS\system32\RUNDLL32.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\WINDOWS\system32\NvMcTray.dll] [NVIDIA Corporation, 6.14.10.6085]
[PID: 636 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 644 / Administrator][C:\Program Files\MSN Messenger\MsnMsgr.Exe] [Microsoft Corporation, 8.1.0178.00]
  [C:\Program Files\MSN Messenger\MSNCore.dll] [Microsoft Corporation, 8.1.0178.00]
  [C:\Program Files\MSN Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
  [C:\Program Files\MSN Messenger\ContactsUX.dll] [Microsoft Corporation, 8.1.0178.00]
  [C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00]
  [C:\Program Files\MSN Messenger\msgsres.dll] [Microsoft Corporation, 8.1.0178.00]
  [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\Program Files\MSN Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.1.0178.00]
  [C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corp., 8.1.0178.00]
  [C:\WINDOWS\system32\msdmo.dll] [, ]
  [C:\Program Files\MSN Messenger\lmcdata.dll] [Microsoft Corporation, 8.1.0178.00]
  [C:\Program Files\MSN Messenger\contact.dll] [Microsoft Corporation, 8.1.0178.00]
  [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\Program Files\MSN Messenger\dfsr.dll] [Microsoft Corporation, 8.1.0178.00]
  [C:\Program Files\MSN Messenger\abssm.dll] [Microsoft Corporation, 8.1.0178.00]
  [C:\Program Files\MSN Messenger\usnsvcps.dll] [Microsoft Corporation, 8.1.0178.00]
  [C:\Program Files\MSN Messenger\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)]
  [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\klscav.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\prremote.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\prloader.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\prkernel.ppl] [Kaspersky Lab, 7.0.0.125]
  [c:\program files\kaspersky lab\kaspersky internet security 7.0\params.ppl] [Kaspersky Lab, 7.0.0.125]
  [c:\program files\kaspersky lab\kaspersky internet security 7.0\pxstub.ppl] [Kaspersky Lab, 7.0.0.125]
  [c:\program files\kaspersky lab\kaspersky internet security 7.0\tempfile.ppl] [Kaspersky Lab, 7.0.0.125]
  [C:\WINDOWS\system32\MSTCIPHA.IME] [Microsoft Corporation, 6.5.5515.0]
  [C:\WINDOWS\system32\LIUNT.IME] [Microsoft Corporation, 4.00.950]
[PID: 712 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.6085]
[PID: 556 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 1108 / SYSTEM][C:\Program Files\Raxco\PerfectDisk\PDSched.exe] [Raxco Software, Inc., 6, 0, 0, 34]
  [C:\Program Files\Raxco\PerfectDisk\PDCommon.dll] [Raxco Software, Inc., 6, 0, 0, 34]
  [C:\Program Files\Raxco\PerfectDisk\PDLangEN.dll] [Raxco Software, Inc., 6, 0, 0, 34]
  [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\Program Files\Raxco\PerfectDisk\PDSchedPS.dll] [Raxco Software, Inc., 6, 0, 0, 34]
  [C:\Program Files\Raxco\PerfectDisk\PDEnginePS.dll] [Raxco Software, Inc., 6, 0, 0, 34]
  [C:\Program Files\Common Files\Raxco\AutoUpdps.dll] [Raxco Software, Inc., 6, 0, 0, 5]
[PID: 1672 / Administrator][C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe] [Yahoo! Inc., 8,1,0,0]
  [C:\PROGRA~1\Yahoo!\MESSEN~1\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
  [C:\PROGRA~1\Yahoo!\MESSEN~1\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
  [C:\Program Files\Yahoo!\Shared\YbSkin2.dll] [Yahoo! Inc., 2006, 10, 11, 1]
  [C:\PROGRA~1\Yahoo!\MESSEN~1\res_msgr.dll] [Yahoo! Inc., 8,5,0,1]
[PID: 2184 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3808 / SYSTEM][C:\Program Files\MSN Messenger\usnsvc.exe] [Microsoft Corporation, 8.1.0178.00]
  [C:\Program Files\MSN Messenger\usnsvcps.dll] [Microsoft Corporation, 8.1.0178.00]
[PID: 3460 / Administrator][C:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.8.1: 2006101023]
  [C:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0]
  [C:\Program Files\Mozilla Firefox\nspr4.dll] [Netscape Communications Corporation, 4.6.3]
  [C:\Program Files\Mozilla Firefox\xpcom_core.dll] [Mozilla Foundation, 1.8.1: 2006101023]
  [C:\Program Files\Mozilla Firefox\plc4.dll] [Netscape Communications Corporation, 4.6.3]
  [C:\Program Files\Mozilla Firefox\plds4.dll] [Netscape Communications Corporation, 4.6.3]
  [C:\Program Files\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.11.3 Basic ECC]
  [C:\Program Files\Mozilla Firefox\nss3.dll] [Mozilla Foundation, 3.11.3 Basic ECC]
  [C:\Program Files\Mozilla Firefox\softokn3.dll] [Mozilla Foundation, 3.11.3 Basic ECC]
  [C:\Program Files\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.11.3 Basic ECC]
  [C:\Program Files\Mozilla Firefox\xpcom_compat.dll] [Mozilla Foundation, 1.8.1: 2006101023]
  [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\Program Files\Mozilla
Firefox\components\myspell.dll] [Mozilla Foundation, 1.8.1: 2006101023] [C:\Program Files\Mozilla Firefox\components\jar50.dll] [Mozilla Foundation, 1.8.1: 2006101023] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125] [C:\Program Files\Mozilla Firefox\components\spellchk.dll] [Mozilla Foundation, 1.8.1: 2006101023] [C:\Program Files\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.11.3 Basic ECC] [C:\Program Files\Mozilla Firefox\nssckbi.dll] [Mozilla Foundation, 1.62] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll] [, ] [C:\WINDOWS\system32\Macromed\Common\SwSupport.dll] [Macromedia, Inc., 10.0r210] [C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8qayjb64.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll] [ , 1, 0, 9, 1] [C:\Program Files\Mozilla Firefox\xpcom.dll] [Mozilla Foundation, 1.8.1: 2006101023] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.125] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll] [Kaspersky Lab, 7.0.0.125] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\klscav.dll] [Kaspersky Lab, 7.0.0.125] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\prremote.dll] [Kaspersky Lab, 7.0.0.125] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\prloader.dll] [Kaspersky Lab, 7.0.0.125] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\prkernel.ppl] [Kaspersky Lab, 7.0.0.125] [c:\program files\kaspersky lab\kaspersky internet security 7.0\params.ppl] [Kaspersky Lab, 7.0.0.125] [c:\program files\kaspersky lab\kaspersky internet security 7.0\pxstub.ppl] [Kaspersky Lab, 7.0.0.125] [c:\program files\kaspersky lab\kaspersky internet security 7.0\tempfile.ppl] [Kaspersky Lab, 7.0.0.125] 
[C:\WINDOWS\system32\javacypt.dll] [Microsoft Corporation, 5.00.3810] [C:\WINDOWS\system32\msjava.dll] [Microsoft Corporation, 5.00.3810] [C:\WINDOWS\system32\VMHELPER.DLL] [Microsoft Corporation, 5.00.3810] [C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx] [Adobe Systems, Inc., 9,0,45,0] [C:\WINDOWS\system32\JIT.DLL] [Microsoft Corporation, 5.00.3810] [C:\WINDOWS\system32\javart.dll] [Microsoft Corporation, 5.00.3810] [PID: 4072 / Administrator][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2076 / Administrator][F:\Warcraft III私輔\War3.exe] [evaxp.com kenshin, 1, 21, 0, 6263] [F:\Warcraft III私輔\storm.dll] [Blizzard Entertainment, 1.09] [F:\Warcraft III私輔\mss32.dll] [N/A, ] [F:\Warcraft III私輔\w3lh.dll] [N/A, ] [F:\Warcraft III私輔\Game.dll] [Blizzard Entertainment, 1, 21, 0, 6263] [F:\Warcraft III私輔\ijl15.dll] [Intel Corporation, 1,5,4,36] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125] [F:\Warcraft III私輔\redist\miles\Mp3dec.asi] [N/A, ] [F:\Warcraft III私輔\redist\miles\Mssdolby.m3d] [N/A, ] [F:\Warcraft III私輔\redist\miles\Msseax2.m3d] [N/A, ] [F:\Warcraft III私輔\redist\miles\Mssfast.m3d] [N/A, ] [F:\Warcraft III私輔\redist\miles\Reverb3.flt] [N/A, ] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125] [PID: 3676 / Administrator][G:\20070820桌面資料\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900] [G:\20070820桌面資料\sreng2\Lang\1028.DLL] [System Repair Engineer, 2.5.16.900] [G:\20070820桌面資料\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll] [Kaspersky Lab, 7.0.0.125] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] 
[Kaspersky Lab, 7.0.0.125] ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 127.0.0.1 localhost ================================== 進程特權掃描 特殊特權被允許: SeLoadDriverPrivilege [PID = 1108, C:\PROGRAM FILES\RAXCO\PERFECTDISK\PDSCHED.EXE] 特殊特權被允許: SeLoadDriverPrivilege [PID = 3460, C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE] 特殊特權被允許: SeLoadDriverPrivilege [PID = 2076, F:\WARCRAFT III私輔\WAR3.EXE] ================================== API HOOK RVA 錯誤: LoadLibraryA (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys) RVA 錯誤: LoadLibraryExA (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys) RVA 錯誤: LoadLibraryExW (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys) RVA 錯誤: LoadLibraryW (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys) RVA 錯誤: GetProcAddress (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys) ================================== 隱藏進程 N/A ================================== x0 |
gunstyle
2007-09-06 01:28
Reply #15
Then may I ask one more thing?
API HOOK
RVA 錯誤: LoadLibraryA (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 錯誤: LoadLibraryExA (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 錯誤: LoadLibraryExW (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 錯誤: LoadLibraryW (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 錯誤: GetProcAddress (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
What does this mean?