启动项目


注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(; C:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() [N/A]
(run)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(IMJPMIG8.1)(; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32) [(Verified)Microsoft Corporation]
(PHIME2002ASync)(; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC) [(Verified)Microsoft Corporation]
(PHIME2002A)(; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName) [(Verified)Microsoft Corporation]
(Cmaudio)(RunDll32 cmicnfg.cpl,CMICtrlWnd) [N/A]
(ATIPTA)(; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe) [ATI Technologies, Inc.]
(TkBellExe)("C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot) [RealNetworks, Inc.]
(SKYNET Personal FireWall)(; C:\PROGRA~1\SkyNet\Firewall\pfw.exe) [广州众达天网技术有限公司]
(Install Alitalk)(; C:\WINDOWS\temp\alitalk\alitalk.exe -hideframe) [N/A]
(windowstime.exe)(C:\WINDOWS\system32\windowstime.exe) [N/A]
(kis)("C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe") [Kaspersky Lab]
(wlzs2)(C:\DOCUME~1\JACKIE~1\LOCALS~1\Temp\wlzs2.exe) [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Corporation]
(Userinit)(C:\WINDOWS\system32\userinit.exe,) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)(C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll) [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(UIHost)(logonui.exe) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
(WinlogonNotify: klogon)(C:\WINDOWS\system32\klogon.dll) [Kaspersky Lab]




--------------------------------------------------------------------------------



启动文件夹

[Microsoft Office]
(C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --) C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation])(N)



--------------------------------------------------------------------------------



服务

[Ati HotKey Poller / Ati HotKey Poller]
(C:\WINDOWS\system32\Ati2evxx.exe)(N/A)
[ATI Smart / ATI Smart]
(C:\WINDOWS\system32\ati2sgag.exe)()
[卡巴斯基互联网安全套装 6.0 / AVP]
("C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r)(Kaspersky Lab)
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard]
(C:\Program Files\ewido anti-spyware 4.0\guard.exe)(Anti-Malware Development a.s.)
[Human Interface Device Access / HidServ]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)%SystemRoot%\System32\hidserv.dll)(N/A)
[Macromedia Licensing Service / Macromedia Licensing Service]
("C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe")(N/A)



--------------------------------------------------------------------------------



驱动程序

[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc]
(system32\drivers\ac97intc.sys)(Intel Corporation)
[ati2mtag / ati2mtag]
(system32\DRIVERS\ati2mtag.sys)(ATI Technologies Inc.)
[C-Media WDM Audio Interface / cmuda]
(system32\drivers\cmuda.sys)(C-Media Inc)
[ewido anti-spyware 4.0 driver / ewido anti-spyware 4.0 driver]
(\??\C:\Program Files\ewido anti-spyware 4.0\guard.sys)(N/A)
[kl1 / kl1]
(\SystemRoot\system32\drivers\kl1.sys)(Kaspersky Lab)
[klif / klif]
(\??\C:\WINDOWS\system32\drivers\klif.sys)(Kaspersky Lab)
[npkcrypt / npkcrypt]
(\??\D:\C盘\QQ2003III丐丐版\qq\npkcrypt.sys)(INCA Internet Co., Ltd.)
[Direct Parallel Link Driver / Ptilink]
(system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.)
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
(system32\DRIVERS\RTL8139.SYS)(Realtek Semiconductor Corporation)
[Secdrv / Secdrv]
(system32\DRIVERS\secdrv.sys)(N/A)
[SKNFW / SKNFW]
(\??\C:\WINDOWS\system32\Drivers\SKNFW.sys)(N/A)
[SkyProcs / SkyProcs]
(\??\C:\PROGRA~1\SkyNet\Firewall\SkyProcs.sys)(N/A)



--------------------------------------------------------------------------------



浏览器加载项

[Web反病毒保护]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} (C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab)
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} (C:\PROGRA~1\FlashGet\flashget.exe, Amaze Soft)
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} (C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation)
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} (C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft)
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} (C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com)
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, )
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.)
[上传到QQ网络硬盘]
(D:\C盘\QQ2003III丐丐版\qq\AddToNetDisk.htm, N/A)
[使用网际快车下载]
(C:\PROGRA~1\FlashGet\jc_link.htm, N/A)
[使用网际快车下载全部链接]
(C:\PROGRA~1\FlashGet\jc_all.htm, N/A)
[添加到QQ自定义面板]
(D:\C盘\QQ2003III丐丐版\qq\AddPanel.htm, N/A)
[添加到QQ表情]
(D:\C盘\QQ2003III丐丐版\qq\AddEmotion.htm, N/A)
[用QQ彩信发送该图片]
(D:\C盘\QQ2003III丐丐版\qq\SendMMS.htm, N/A)



--------------------------------------------------------------------------------

正在运行的进程

[PID: 540][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 612][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 636][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 6.0.0.299]
[PID: 680][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 692][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 844][C:\WINDOWS\system32\Ati2evxx.exe] [N/A, N/A]
[PID: 856][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 920][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1008][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
[PID: 1060][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1148][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1416][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[PID: 1512][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1612][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.1622]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
[PID: 1660][C:\WINDOWS\system32\windowstime.exe] [N/A, N/A]
[PID: 216][C:\WINDOWS\system32\wscntfy.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 656][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2700][C:\WINDOWS\system32\taskmgr.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2852][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3988][C:\Downloads\sreng2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]



--------------------------------------------------------------------------------



文件关联

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]



--------------------------------------------------------------------------------



Winsock 提供者

N/A



--------------------------------------------------------------------------------



Autorun.inf

N/A



--------------------------------------------------------------------------------

求助，昨天不知道如何卡巴就报警有1.EXE 2.EXE疯狂弹出，但好象杀不掉，后来把TEMP临时文件都给删除了，才没有报警，但感觉还是有问题

日志貌似不全

啊，楼上，我这个都完全拷贝过来了