Forum: Virus Zone    Title: Could you guys please help me check whether my system has any problems
Author: abc121 [abc121]    Forum user
StartupList report, 2005-10-17, 19:45:25
StartupList version: 1.52.2
Started from : D:\hijackthis\HijackThis.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
C:\WINNT\system32\svchost.exe
D:\KV2005\KV2005\KVSrvXP.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
D:\KV2005\KV2005\KVMonXP.kxp
C:\WINNT\system32\internat.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNet.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\KVFW\kvfw.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\「开始」菜单\程序\启动]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Synchronization Manager = mobsync.exe /logon
AVWeb =
KvMonXP = D:\KV2005\KV2005\KVMonXP.kxp /auto
NvCplDaemon = RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Internat.exe = internat.exe
KVFW = C:\Program Files\KVFW\kvfw.exe -silent
KvXP = D:\KV2005\KV2005\KvXP.kxp /ScanBoot

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

SVC Service = svc32.pif

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[3721TRQua]
Sygate Personal Firewall Startup = MSDEV.EXE

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

[3721TRQua]
Sygate Personal Firewall Startup = msdev.exe
Wind Security = mswi32.pif
SVC Service = svc32.pif

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[3721TRQua]
Sygate Personal Firewall Startup = MSDEV.EXE

--------------------------------------------------

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - D:\adobe\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - (no file) - {749D1D7D-1969-4014-A98D-9E867E7508D0}
(no name) - D:\KV2005\KV2005\KvShell.dll - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9}
(no name) - D:\FLASHGET\jccatch.dll - {A5366673-E8CA-11D3-9CD9-0090271D075B}
(no name) - d:\NetTransport 2\NTIEHelper.dll - {C56CB6B0-0D96-11D6-8C65-B2868B609932}
(no name) - C:\WINNT\system32\toolbar2.dll - {DAFE0426-96F6-472E-B98D-EF873EB7CFF2}

--------------------------------------------------

Enumerating Task Scheduler jobs:

DDD_Install_Program.job

--------------------------------------------------

Enumerating Download Program Files:

[VTPlug3 Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\VTrans3.dll
CODEBASE = http://61.152.96.82:1995/VTrans.cab

[InstaFred]
InProcServer32 = C:\WINNT\DOWNLO~1\InstFred.ocx
CODEBASE = file://D:\CAD\InstFred.ocx

[BlueskyVideo Control]
InProcServer32 = C:\WINNT\v2.ocx
CODEBASE = http://www.bluesky.cn/download/v2_60.cab

[IMCv1 Control]
CODEBASE = http://61.152.96.82:1995/talk.cab

[AcDcToday 控件]
InProcServer32 = C:\WINNT\DOWNLO~1\ACDCTO~1.OCX
CODEBASE = file://D:\CAD\AcDcToday.ocx

[IE Class]
InProcServer32 = C:\WINNT\DOWNLO~1\NewProc.dll
CODEBASE = https://www.95599.cn/platform/pub/cab/ABC.cab

[LoaderCore Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\DLLoader.dll
CODEBASE = http://tb.sogou.com/DLLoader.cab

[Blueskyvoice Control]
InProcServer32 = C:\WINNT\DOWNLO~1\CONFLICT.1\BLUESK~1.OCX
CODEBASE = http://www.bluesky.cn/download/blueskyvoice_60.cab

[NOXLATE-BANR]
InProcServer32 = C:\WINNT\DOWNLO~1\InstBanr.ocx
CODEBASE = file://D:\CAD\InstBanr.ocx

[Shockwave Flash Object]
InProcServer32 = C:\WINNT\system32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[Ravonline]
InProcServer32 = C:\WINNT\Downloaded Program Files\RsOnline.dll
CODEBASE = http://download.rising.com.cn/QQ/QQkill/rsonline.cab

[Rising Web Scan Object]
InProcServer32 = C:\WINNT\Downloaded Program Files\OL2005.dll
CODEBASE = http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab

[{EF6205C1-3F17-4829-BCB5-1336ED89E356}]
CODEBASE = http://club.jiangmin.com/kvscan/KvDown.cab

[AcPreview 控件]
InProcServer32 = C:\WINNT\DOWNLO~1\ACPREV~1.OCX
CODEBASE = file://D:\CAD\AcPreview.ocx

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: C:\WINNT\system32\KvWspXp.dll
Protocol #2: C:\WINNT\system32\KvWspXp.dll
Protocol #3: C:\WINNT\system32\KvWspXp.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
WebCheck: C:\WINNT\system32\webcheck.dll
SysTray: stobject.dll

--------------------------------------------------
End of report, 7,556 bytes
Report generated in 0.060 seconds

Command line options:
  /verbose  - to add additional info on each section
  /complete - to include empty sections and unsuspicious data
  /full    - to include several rarely-important sections
  /force9x  - to include Win9x-only startups even if running on WinNT
  /forcent  - to include WinNT-only startups even if running on Win9x
  /forceall - to include all Win9x and WinNT startups, regardless of platform
  /history  - to list version history only


Original post, posted: 05-10-17 19:40

Reply: 独狐 [songhbo]    Forum user
It's already this bad? You're done for.

Floor B1, posted: 05-10-18 17:53


Copyright © 2000-2010 20CN Security Group. All Rights Reserved.
Forum software written by: NetDemon
