我是花火 - 2007-6-13 19:04:00
After shutting down, the computer restarts by itself; it can only be shut down from safe mode.
Kaspersky detects the virus Trojan-Downloader.Win32.Agent.bbb every time the machine boots. It prompts to delete it after a restart, but it cannot be removed.
I have run a log scan. Experts, please help:
[CODE]
2007-06-13,18:48:34
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
<swg><C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe> [(Verified)Google Inc]
<eMuleAutoStart><; D:\Program Files\eMule\eMule.exe -AutoStart> [http://www.emule-project.net]
<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows XP Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows XP Publisher]
<PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows XP Publisher]
<PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows XP Publisher]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows XP Publisher]
<IgfxTray><; C:\WINDOWS\System32\igfxtray.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<HotKeysCmds><; C:\WINDOWS\System32\hkcmd.exe> [(Verified)Microsoft Windows XP Publisher]
<KAVPersonal50><"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize> [Kaspersky Lab]
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<WangWang><; "D:\Program Files\Alisoft\WangWang\WangWang.EXE"> [阿里巴巴软件(上海)有限公司]
<SysTdSvr><; "C:\WINDOWS\System32\Rundll32.exe" "C:\WINDOWS\System32\SysTdSvr.dll",Start> []
<hqghumeay><"C:\WINDOWS\System32\Rundll32.exe" "C:\WINDOWS\System32\cdnprh.dll",Start> []
<hfopykyydlzbhcj><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu> [N/A]
<qmp><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu> [N/A]
<owraitzvvlk><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu> [N/A]
<jxeqotsoyvbr><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu> [N/A]
<cv><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu> [N/A]
<cixqxrikhbduvi><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu> [N/A]
<qkpdsx><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu> [N/A]
<UnlockerAssistant><"D:\Program Files\Unlocker\UnlockerAssistant.exe"> []
<so><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu> [N/A]
<vwu><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu> [N/A]
<oshwfcrqzbyuhh><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu> [N/A]
<fotogv><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu> [N/A]
<zeozchyinu><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu> [N/A]
<qzcbrms><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu> [N/A]
<ggoaj><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu> [N/A]
<violcuakmkclgpq><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu> [N/A]
我是花火 - 2007-6-13 19:05:00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<MSDEG32><LYLoader.exe> [N/A]
<MSDWG32><LYLoadbr.exe> [N/A]
<MSDCG32 ><LYLeador.exe> [N/A]
<MSDOG32><LYLoador.exe> [N/A]
<MSDSG32><LYLoadar.exe> [N/A]
<MSDMG32><LYLoadmr.exe> [N/A]
<MSDHG32><LYLoadhr.exe> [N/A]
<MSDQG32><LYLoadqr.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
<Userinit><C:\WINDOWS\System32\userinit.exe,> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher]
==================================
启动文件夹
[CAJViewer Preload]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\CAJViewer Preload.lnk --> D:\PROGRA~1\TTKN\CAJVIE~1.0\CAJVIE~2.EXE [Tsinghua Tongfang Knowledge Network Technology(Beijing) Co., Ltd.]><H>
[Adobe Gamma Loader]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Google Updater Service / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[kavsvc / kavsvc][Running/Auto Start]
<"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
[Network IPSEC Connections / Mercha2][Running/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE C:\WINDOWS\SYSTEM32\WBEM\LMOBC.DLL,Export 1087><Microsoft Corporation>
[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
<C:\WINDOWS\System32\rundll32.exe msdebug.dll,input><Microsoft Corporation>
[Network DDC / Windowsdate][Stopped/Auto Start]
<><N/A>
==================================
驱动程序
[acpidisk / acpidisk][Running/Auto Start]
<\??\C:\WINDOWS\System32\drivers\acpidisk.sys><N/A>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[avjhfw7 / avjhfw70][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\avjhfw70.sys><N/A>
[bwzjeo6 / bwzjeo64][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\bwzjeo64.sys><N/A>
[ddqwom9 / ddqwom92][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ddqwom92.sys><N/A>
[ejimhv2 / ejimhv26][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ejimhv26.sys><N/A>
[elrran19 / elrran19][Stopped/Boot Start]
<\SystemRoot\system32\\drivers\\elrran19.sys><N/A>
[ggyqcg3 / ggyqcg33][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ggyqcg33.sys><N/A>
[gwkxch2 / gwkxch20][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\gwkxch20.sys><Microsoft Corporation>
[ialm / ialm][Running/Manual Start]
<System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IdeBusDr / IdeBusDr][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\IdeBusDr.sys><Intel Corporation>
[Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\IdeChnDr.sys><Intel Corporation>
[ifmnyy5 / ifmnyy53][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ifmnyy53.sys><N/A>
[ipdbldr / ipdbldrv][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ipdbldrv.sys><N/A>
[jgdegfhh / jgdegfhh][Stopped/Boot Start]
<\SystemRoot\system32\drivers\jgdegfhh.sys><N/A>
[kfupdn6 / kfupdn65][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\kfupdn65.sys><N/A>
[Kl1 / Kl1][Running/Boot Start]
<\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
[Klif / Klif][Running/System Start]
<System32\drivers\klif.sys><Kaspersky Labs>
[Klmc / Klmc][Running/System Start]
<System32\drivers\klmc.sys><Kaspersky Lab>
[KWATCH / KWATCH][Stopped/Manual Start]
<\??\C:\KAV2003\KWATCH.SYS><N/A>
[kyym / kyyme][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\kyyme.sys><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys><CACE Technologies>
[oglgkej / oglgkej][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\oglgkej.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[qjhjtf5 / qjhjtf54][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\qjhjtf54.sys><N/A>
[rowwow7 / rowwow76][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\rowwow76.sys><N/A>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[Intel (R) System Managment BIOS Service / SMBios][Running/Manual Start]
<System32\DRIVERS\SMBios.sys><Intel Corporation>
[SysTdSvr / SysTdSvr][Stopped/Boot Start]
<\SystemRoot\system32\\drivers\\SysTdSvr.sys><N/A>
[tfkxyw6 / tfkxyw60][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\tfkxyw60.sys><N/A>
[TSP / TSP][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Labs>
[tviarm88 / tviarm88][Stopped/Boot Start]
<\SystemRoot\system32\\drivers\\tviarm88.sys><N/A>
[xmoqhm4 / xmoqhm43][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\xmoqhm43.sys><N/A>
[zduvof0 / zduvof04][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\zduvof04.sys><N/A>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/System Start]
<system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
<system32\drivers\ialmkchw.sys><Intel Corporation>
[vzfngh14 / vzfngh14][Stopped/Boot Start]
<\SystemRoot\system32\\drivers\\vzfngh14.sys><N/A>
我是花火 - 2007-6-13 19:05:00
浏览器加载项
[LpkHlpr Class]
{00C104F7-0F5C-470C-ABCF-A5B2E70752F1} <C:\WINDOWS\system32\wtlhlp.dll, Microsoft Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Yahoo 3.5G电邮]
{507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[名品折扣]
{59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A>
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[雅虎WIDGET]
{6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A>
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\System32\CMBEdit.dll, >
[iTrusPTA Class]
{1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\System32\aliedit\pta.dll, >
[KooPlayer Control]
{5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} <C:\WINDOWS\DOWNLO~1\KOOPLA~1.OCX, Koos>
[XML DOM Document 4.0]
{88D969C0-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml4.dll, N/A>
[GLWebAvt Control]
{C14D003A-DA41-4FEE-8204-62A94EAA29D1} <C:\WINDOWS\DOWNLO~1\GLWebAvt.ocx, >
[WangWangObj Class]
{6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\Program Files\Alisoft\WangWang\WangWangX4.dll, 阿里软件(中国)有限公司>
[使用迅雷下载]
<d:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
<d:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
==================================
正在运行的进程
[PID: 532][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 644][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 668][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\JJN.IME] [加加在线, 3.11.0.0]
[C:\WINDOWS\System32\winlib .dll] [N/A, ]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1896][C:\Program Files\JJOL\IME\JJSvr.EXE] [加加在线, 3.11.0.1]
[C:\WINDOWS\System32\JJN.IME] [加加在线, 3.11.0.0]
[PID: 1956][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.00]
[C:\WINDOWS\System32\JJN.IME] [加加在线, 3.11.0.0]
[PID: 1980][D:\Program Files\Unlocker\UnlockerAssistant.exe] [N/A, ]
[D:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ]
[C:\WINDOWS\System32\JJN.IME] [加加在线, 3.11.0.0]
[PID: 1988][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\JJN.IME] [加加在线, 3.11.0.0]
[D:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ]
[PID: 1996][C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe] [Google Inc., 1, 2, 1128, 5462]
[C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\res_en.dll] [Google Inc., 1, 2, 1128, 5462]
[C:\WINDOWS\System32\JJN.IME] [加加在线, 3.11.0.0]
[C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\swg.dll] [Google Inc., 1, 2, 1128, 5462]
[D:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ]
[PID: 728][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[D:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ]
[C:\WINDOWS\System32\JJN.IME] [加加在线, 3.11.0.0]
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1601, 4978]
[C:\WINDOWS\system32\wtlhlp.dll] [Microsoft Corporation, 1, 0, 2, 0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] [Kaspersky Lab, 5.0.1.18]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll] [Kaspersky Lab, 5.0.388.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] [Kaspersky Lab, 5.0.388.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll] [Kaspersky Lab, 5.0.388.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll] [Kaspersky Lab, 5.0.388.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] [Kaspersky Lab, 5.0.388.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll] [Kaspersky Lab, 5.0.388.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll] [Kaspersky Lab, 5.0.388.2]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll] [Kaspersky Lab, 5.0.388.1]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll] [Kaspersky Lab, 5.0.388.0]
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl] [Kaspersky Lab, 5.0.388.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl] [Kaspersky Lab, 5.0.388.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl] [Kaspersky Lab, 5.0.388.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl] [Kaspersky Lab, 5.0.388.0]
[d:\program files\kaspersky lab\kaspersky anti-virus personal\tempfile.ppl] [Kaspersky Lab, 5.0.388.0]
[C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,21,75]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2140][C:\WINDOWS\System32\wuauclt.exe] [Microsoft Corporation, 5.4.3630.1106 (xpsp1.020828-1920)]
[D:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ]
[C:\WINDOWS\System32\JJN.IME] [加加在线, 3.11.0.0]
[PID: 3556][C:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[D:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ]
[C:\WINDOWS\System32\JJN.IME] [加加在线, 3.11.0.0]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\SYSTEM32\WBEM\LMOBC.DLL] [Microsoft Corporation, 5, 1, 2600, 2709]
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[PID: 2504][C:\Documents and Settings\Administrator\桌面\sreng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[D:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ]
[C:\WINDOWS\System32\JJN.IME] [加加在线, 3.11.0.0]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
RVA 错误: LoadLibraryA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xB2E636E0)
RVA 错误: LoadLibraryExA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xB2E63820)
RVA 错误: LoadLibraryExW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xB2E638E0)
RVA 错误: LoadLibraryW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xB2E63780)
==================================
隐藏进程
[1425] d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
[1965] D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe
==================================
[/CODE]