Rising Kaka Security Forum
轮回了一把 - 2006-10-31 13:02:00
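My sympathies first. You can tell from my rank that I'm a newbie too, but have you thought a few things through?
1. Viking is cancer for a computer. If you're an expert you can play with it all you like, but can a newbie afford to?
2. You say you want this sorted before your business trip, but this kind of thing can't be rushed. Why give yourself a headache and get worked up, and then worry about the home computer while you're away? Better to relax and just format it.
There are two kinds of doctor: one treats the illness, the other saves the patient.
It's up to you which to choose.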
deadmanzj - 2006-10-31 13:10:00
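Just passing by. Let me collect a sample for M first: OP, I'd like the logo1_.exe file... once you find it, compress it with the password 123
and send it to my mailbox; the address is in my signature...
OP, let me point you somewhere: download the dedicated removal tool from Kingsoft... Kingsoft's removal tool seems to be quite good. If that doesn't work, format all the drives....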
flyingdaisy - 2006-10-31 16:51:00
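The poster above did read carefully.. pity they're a newbie too...
...It's really frustrating not to find a solution
Asking friends for help this often is too much.. I reinstalled just last month..
Getting a professional to come to the house costs 200 to 300... money handed to the virus for nothing... and next time I get infected it'll be the same again
Waiting...
Somebody must know how to fix this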
flyingdaisy - 2006-10-31 17:00:00
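Thanks to the poster above...
Let me sort out getting online first... without Internet access I can't do anything...
Frustrating... every virus scan turns up new problems
When that's done, if I scan and post another log, will that show whether it actually worked?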
ps痴线 - 2006-10-31 17:05:00
That's from a long time ago```
xujingshu - 2006-10-31 17:11:00
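Hero, you've had it rough too. I also formatted all my drives and rebuilt the system, and got infected again in less than a day; after that I rebuilt the system five times in a row within three days.
In the end, with no other option, I found a method for removing Viking described on a forum called 蒲公英 and followed it. Only now is my computer back to normal, but I don't know whether it will get infected again!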
flyingdaisy - 2006-10-31 17:41:00
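Haha.. poster above.. what a coincidence... I was just reading that post by 海洋 on 蒲公英
So it really works
I just don't want reinstalling to be my only option every time I hit a virus... looks like there's a little hope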
我是来来 - 2006-10-31 18:05:00
It's really lively in here!
真聋天子 - 2006-10-31 18:19:00
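| Quote: |
[Post by 天山雪狐] The virus creates three files in the windows directory: dll.dll, logo1_.exe and rundl132.exe. Injecting dll.dll into explorer.exe is done by logo1_.exe. The virus adds rundl132.exe to the programs that run automatically at startup. First open My Computer! Go to Tools > Folder Options > View (shortcut: press ALT+T, then O), untick "Hide protected operating system files (Recommended)" and select "Show all files and folders"!
1. Press CTRL+ALT+DEL and end rundl132.exe and logo1_.exe in Task Manager (if they aren't there, skip this), then delete logo1_.exe and rundl132.exe from drive C: (if you don't know where they are, open My Computer, press CTRL+F and search for rundl132.exe and logo1_.exe)
2. Because the DLL.dll module has been written into explorer, it can't be deleted. There is a way to delete it, though: open Task Manager and end the explorer.exe process. The desktop will then disappear; don't worry! In Task Manager choose "File (F)" > "New Task (Run...) (N)" and run explorer.exe, and the desktop comes back! Then delete DLL.dll on drive C: (press CTRL+F to find it, then delete it)
3. Enter regedit in Run, find the registry key [HKEY_LOCAL_MACHINE\Software\Soft\DownloadWWW] and delete it, then press CTRL+F to search the registry for the value rundl132.exe and delete all the values under that entry
4. Open My Computer, press CTRL+F and search for _desktop.ini, and delete every _desktop.ini that is found (after deletion the icons still show there; ignore that, close the window and search once more to see whether any remain)
The virus infects exe applications such as QQ, the Office suite, 千千静听 and RealPlayer. Generally a program whose icon has changed colour is infected and has to be reinstalled. It's best to open the program and then search to see whether a _desktop.ini has been generated; if so, that proves the program is infected, and you need to clean up by hand again as described above and then reinstall that software. (Usually not many programs get infected, just the ones with the rundl132.exe, logo1_.exe icon)! Once opening a program no longer produces a _desktop.ini, the job is done. ……………… |
I've got this too.... My Rising is the 2006 version and has been updated... but as soon as I caught this virus Rising wouldn't open any more; the system says it can't find the file RsGuilib.dll.... Reinstalling didn't help either.... The firewall and everything else are wrecked too, saying a file can't be found......... And the viruses rundl132.exe, logo1_.exe and so on seem to infect the other drives as well.............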
flyingdaisy - 2006-11-2 11:12:00
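My Rising does open.. and it found and removed quite a few Viking items.. but now I don't know whether it got them all... probably not..
I can't get online, so I can't scan and post the current log either..
In windows\ I deleted 3 rundl132.exe files (now I'm not sure whether rundll32.exe was among them and whether I deleted it by mistake, because after the scan the reboot showed that the system could not find the specified file.. and at the time I didn't notice whether it was an l or a 1..).. Is there a rundll132 file under windows?.. *sob*.. It really is miserable being a newbie with a virus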
dodo66 - 2006-11-2 12:10:00
Brother, you've got at least 5 viruses.
flyingdaisy - 2006-11-4 16:25:00
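I'm finally back online...
The virus has been cleaned too.. the icons are back to normal... I don't know whether there are still problems now..
I'll scan and post another log... please take a look, everyone... thanks
Fighting viruses really is hard work...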
flyingdaisy - 2006-11-4 16:28:00
2006-11-04,16:17:13
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<ShStatEXE><"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE> [Network Associates, Inc.]
<McAfeeUpdaterUI><"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey> [Network Associates, Inc.]
<Network Associates Error Reporting Service><"C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"> [Network Associates, Inc.]
<BIE><Rundll32 C:\WINDOWS\DOWNLO~1\BDPlugin.dll,Rundll32> []
<AlcxMonitor><ALCXMNTR.EXE> [Realtek Semiconductor Corp.]
<HPDJ Taskbar Utility><C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe> [(Verified)HP]
<MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\Windows\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><"\Program Files\Logonui\Logonui.exe"> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{BC207F7D-3E63-4ACA-99B5-FB5F8428200C}><C:\WINDOWS\DOWNLO~1\BDPlugin.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Device Detector><; "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun> [ACD Systems, Ltd.]
<DeviceDiscovery><; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe> [Hewlett-Packard]
<HP Software Update><; C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe> [N/A]
<WinampAgent><; "C:\Program Files\Winamp\Winampa.exe"> [N/A]
==================================
启动文件夹
N/A
==================================
服务
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[McAfee Framework 服务 / McAfeeFramework]
<C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart><Network Associates, Inc.>
[Network Associates McShield / McShield]
<"C:\Program Files\Network Associates\VirusScan\Mcshield.exe"><Network Associates, Inc.>
[Network Associates Task Manager / McTaskManager]
<"C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"><Network Associates, Inc.>
==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde]
<\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[CmdIde / CmdIde]
<\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[HSFHWBS2 / HSFHWBS2]
<system32\DRIVERS\HSFBS2S2.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP]
<system32\DRIVERS\HSFDPSP2.sys><Conexant Systems, Inc.>
[mdmxsdk / mdmxsdk]
<system32\DRIVERS\mdmxsdk.sys><Conexant>
[MegaIDE / MegaIDE]
<\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[NaiAvFilter1 / NaiAvFilter1]
<system32\drivers\naiavf5x.sys><Network Associates, Inc.>
[NaiAvTdi1 / NaiAvTdi1]
<system32\drivers\mvstdi5x.sys><Network Associates, Inc.>
[Netgroup Packet Filter / NPF]
<system32\drivers\npf.sys><Politecnico di Torino>
[nv / nv]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVIDIA nForce MCP Networking Controller Driver / NVENET]
<system32\DRIVERS\NVENET.sys><NVIDIA Corporation>
[Padus ASPI Shell / pfc]
<system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[TCP/IP Protocol Driver / Tcpip]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[ViaIde / ViaIde]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
flyingdaisy - 2006-11-4 16:29:00
==================================
浏览器加载项
[BDHlprObj Class]
{CA92B524-BC8A-4610-BD2C-6BD3E28155D0} <C:\WINDOWS\DOWNLO~1\BDHelper.dll, >
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[金山快译(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll, 金山软件股份有限公司>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[金山快译(&K)]
{6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll, 金山软件股份有限公司>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[BDHlprObj Class]
{CA92B524-BC8A-4610-BD2C-6BD3E28155D0} <C:\WINDOWS\DOWNLO~1\BDHelper.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[导出到 Microsoft Office Excel(&X)]
<res://c:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000, N/A>
==================================
正在运行的进程
[PID: 380][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 640][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 664][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 708][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.240]
[PID: 720][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.240]
[PID: 876][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.240]
[PID: 944][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.240]
[PID: 1048][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.240]
[PID: 1100][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.240]
[PID: 1152][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.240]
[PID: 1476][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.240]
[C:\WINDOWS\DOWNLO~1\BDHelper.dll] [, 1, 0, 0, 6]
[C:\Program Files\Network Associates\VirusScan\scriptproxy.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\Res04\McShield.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Common Files\Network Associates\Engine\mcscan32.dll] [McAfee, Inc., 4.4.00]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\Program Files\Network Associates\VirusScan\shext.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\RES04\ShExtRes.dll] [Network Associates, Inc., 8.0.0.912]
[C:\WINDOWS\system32\KIme.ime] [金山软件公司, 1, 0, 0, 1]
[C:\Program Files\Common Files\kingsoft\Extract\KSEngine.dll] [金山软件有限公司, 2, 0, 1, 0]
[C:\WINDOWS\system32\UNISPIM.IME] [北京清华紫光软件股份有限公司, 3.0.0.3045]
[C:\WINDOWS\system32\upengine.dll] [北京清华紫光软件股份有限公司, 3.0.0.3045]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[C:\WINDOWS\system32\icm32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\mswsock30.dll] [N/A, N/A]
[PID: 1592][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\hpzsnt08.dll] [HP, 2,223,0,0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpzpm308.dll] [HP, 2,223,0,0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpz2ku08.dll] [HP, 2,223,0,0]
[PID: 1652][C:\WINDOWS\system32\Rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\mswsock30.dll] [N/A, N/A]
[PID: 1852][C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\SHUTIL.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\naiwmain.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\RES04\shstat.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\RES04\Product.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\RES04\McShield.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\RES04\Shutilrc.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\Graphics.dll] [Network Associates, Inc., 8.0.0.912]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\mswsock30.dll] [N/A, N/A]
[PID: 1860][C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\nailog.dll] [Network Associates, Inc., 3.5.0.474]
[C:\Program Files\Network Associates\Common Framework\naCmnLib.dll] [Network Associates, Inc., 3.5.0.474]
[C:\Program Files\Network Associates\Common Framework\naXML.dll] [Network Associates, Inc., 3.5.0.474]
[C:\Program Files\Network Associates\Common Framework\0804\UpdRes.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll] [Network Associates, Inc., 3.5.0.412]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] [Network Associates, Inc., 3.5.0.412]
[C:\WINDOWS\system32\mswsock30.dll] [N/A, N/A]
[PID: 1928][C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe] [Network Associates, Inc., 2.0.275.0]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[PID: 1956][C:\Program Files\Winamp\Winampa.exe] [N/A, N/A]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\mswsock30.dll] [N/A, N/A]
[PID: 1980][C:\WINDOWS\ALCXMNTR.EXE] [Realtek Semiconductor Corp., 1.2]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[PID: 1996][C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe] [N/A, N/A]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[PID: 160][C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe] [Hewlett-Packard, 1, 0, 0, 1]
[C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodvd08.dll] [Hewlett-Packard, 2, 0, 2, 2]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 4.2.0.127]
[PID: 168][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\mswsock30.dll] [N/A, N/A]
flyingdaisy - 2006-11-4 16:29:00
[PID: 484][C:\Program Files\Network Associates\Common Framework\FrameworkService.exe] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\nailog.dll] [Network Associates, Inc., 3.5.0.474]
[C:\Program Files\Network Associates\Common Framework\naXML.dll] [Network Associates, Inc., 3.5.0.474]
[C:\Program Files\Network Associates\Common Framework\naCmnLib.dll] [Network Associates, Inc., 3.5.0.474]
[C:\Program Files\Network Associates\Common Framework\applib.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\Logging.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\InternetManager.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\naInet.dll] [Network Associates, Inc., 3.5.0.474]
[C:\Program Files\Network Associates\Common Framework\UserSpace.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\Management.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\cmalib.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\naPolicyManager.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\ScriptSubSys.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\UpdateSubSys.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\Scheduler.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\TCSubSys.dll] [Network Associates, Inc., 3.5.0.412]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.240]
[PID: 520][C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe] [Network Associates, Inc., 3.5.0.412]
[C:\PROGRA~1\NETWOR~1\COMMON~1\nailog.dll] [Network Associates, Inc., 3.5.0.474]
[C:\PROGRA~1\NETWOR~1\COMMON~1\naCmnLib.dll] [Network Associates, Inc., 3.5.0.474]
[C:\PROGRA~1\NETWOR~1\COMMON~1\naXML.dll] [Network Associates, Inc., 3.5.0.474]
[C:\PROGRA~1\NETWOR~1\COMMON~1\0804\AgentRes.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\VirusScan\VsPlugin.dll] [Network Associates, Inc., 8.0.0.912]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.240]
[PID: 524][C:\Program Files\Network Associates\VirusScan\Mcshield.exe] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\Res04\McShield.DLL] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\FTL.Dll] [Network Associates, Inc., 8.0.0.133]
[C:\Program Files\Network Associates\VirusScan\naiann.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\Common Framework\GenEvtInf.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\VirusScan\NaEventU.DLL] [Network Associates, Inc., 8.0.0.342]
[C:\Program Files\Network Associates\VirusScan\Res04\naEvtRes.dll] [Network Associates, Inc., 8.0.0.342]
[C:\Program Files\Network Associates\VirusScan\VSIDSvr.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Common Files\Network Associates\Engine\MCSCAN32.DLL] [McAfee, Inc., 4.4.00]
[C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\VirusScan\EntSrv.Dll] [Network Associates, Inc, 8.0.0.240]
[PID: 600][C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\SHUTIL.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\naiwmain.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\naicondl.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\RES04\VsTskMgr.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\MIDUtil.Dll] [Network Associates, Inc., 8.0.0.145]
[PID: 1008][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 1708][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[PID: 224][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.240]
[PID: 2052][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2092][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.240]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\DOWNLO~1\BDHelper.dll] [, 1, 0, 0, 6]
[C:\Program Files\Network Associates\VirusScan\scriptproxy.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\Res04\McShield.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Common Files\Network Associates\Engine\mcscan32.dll] [McAfee, Inc., 4.4.00]
[C:\WINDOWS\system32\macromed\flash\Flash.ocx] [Macromedia, Inc., 7,0,19,0]
[C:\WINDOWS\system32\KIme.ime] [金山软件公司, 1, 0, 0, 1]
[C:\Program Files\Common Files\kingsoft\Extract\KSEngine.dll] [金山软件有限公司, 2, 0, 1, 0]
[C:\WINDOWS\system32\UNISPIM.IME] [北京清华紫光软件股份有限公司, 3.0.0.3045]
[C:\WINDOWS\system32\upengine.dll] [北京清华紫光软件股份有限公司, 3.0.0.3045]
[C:\WINDOWS\system32\mswsock30.dll] [N/A, N/A]
[C:\WINDOWS\DOWNLO~1\BDSrHook.dll] [, 1, 0, 0, 4]
[PID: 3088][C:\Program Files\MSN Messenger\msnmsgr.exe] [Microsoft Corporation, 7.5.0324]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[C:\Program Files\Network Associates\VirusScan\scriptproxy.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\Res04\McShield.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Common Files\Network Associates\Engine\mcscan32.dll] [McAfee, Inc., 4.4.00]
[C:\WINDOWS\system32\macromed\flash\Flash.ocx] [Macromedia, Inc., 7,0,19,0]
[C:\WINDOWS\system32\KIme.ime] [金山软件公司, 1, 0, 0, 1]
[C:\Program Files\Common Files\kingsoft\Extract\KSEngine.dll] [金山软件有限公司, 2, 0, 1, 0]
[C:\WINDOWS\system32\UNISPIM.IME] [北京清华紫光软件股份有限公司, 3.0.0.3045]
[C:\WINDOWS\system32\upengine.dll] [北京清华紫光软件股份有限公司, 3.0.0.3045]
[C:\WINDOWS\system32\mswsock30.dll] [N/A, N/A]
[PID: 712][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3427]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[PID: 800][D:\2006.8.13adsl故障\扫日志\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\WINDOWS\system32\mswsock30.dll] [N/A, N/A]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
C:\WINDOWS\system32\mswsock30.dll(N/A, N/A)
MSAFD Tcpip [UDP/IP]
C:\WINDOWS\system32\mswsock30.dll(N/A, N/A)
MSAFD Tcpip [RAW/IP]
C:\WINDOWS\system32\mswsock30.dll(N/A, N/A)
RSVP UDP Service Provider
C:\WINDOWS\system32\mswsock30.dll(N/A, N/A)
RSVP TCP Service Provider
C:\WINDOWS\system32\mswsock30.dll(N/A, N/A)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D241CC89-C28B-414D-B69D-5D31D1315770}] SEQPACKET 3
C:\WINDOWS\system32\mswsock30.dll(N/A, N/A)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D241CC89-C28B-414D-B69D-5D31D1315770}] DATAGRAM 3
C:\WINDOWS\system32\mswsock30.dll(N/A, N/A)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{80ACDF94-BF8E-4067-A08D-38AAEF38F650}] SEQPACKET 0
C:\WINDOWS\system32\mswsock30.dll(N/A, N/A)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{80ACDF94-BF8E-4067-A08D-38AAEF38F650}] DATAGRAM 0
C:\WINDOWS\system32\mswsock30.dll(N/A, N/A)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{A15FE80C-B952-4DDD-BCE4-6A00F5695FB2}] SEQPACKET 1
C:\WINDOWS\system32\mswsock30.dll(N/A, N/A)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{A15FE80C-B952-4DDD-BCE4-6A00F5695FB2}] DATAGRAM 1
C:\WINDOWS\system32\mswsock30.dll(N/A, N/A)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{4DAFA87D-7ED3-4416-99F7-F0CA25413912}] SEQPACKET 2
C:\WINDOWS\system32\mswsock30.dll(N/A, N/A)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{4DAFA87D-7ED3-4416-99F7-F0CA25413912}] DATAGRAM 2
C:\WINDOWS\system32\mswsock30.dll(N/A, N/A)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{4FF417CB-4E9C-4B35-B312-3FF341323913}] SEQPACKET 4
C:\WINDOWS\system32\mswsock30.dll(N/A, N/A)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{4FF417CB-4E9C-4B35-B312-3FF341323913}] DATAGRAM 4
C:\WINDOWS\system32\mswsock30.dll(N/A, N/A)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{C406F126-52E0-411B-A0D0-DA9B8F259C38}] SEQPACKET 5
C:\WINDOWS\system32\mswsock30.dll(N/A, N/A)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{C406F126-52E0-411B-A0D0-DA9B8F259C38}] DATAGRAM 5
C:\WINDOWS\system32\mswsock30.dll(N/A, N/A)
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
flyingdaisy - 2006-11-4 16:31:00
Could anyone who understands this look at my latest log? Has Viking been completely removed? Or are there any other problems?
叶·幽思 - 2006-11-4 16:36:00
叶·幽思 - 2006-11-4 16:47:00
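In Safe Mode, use LSP Fix to delete C:\WINDOWS\system32\mswsock30.dll
Then repair with WinsockXPFix: click Fix.
For the LSP Fix address, see the pinned post in the "反浏览器版" board
WinsockXPFix download address:
http://www.wedoc.com/software/WinsockXPFix.exe
After that, check again with ewido to see whether that solves it?
ewido download address:
http://forum.ikaka.com/topic.asp?board=67&artid=7756816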
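Reading a log like the one posted above for the kind of entry this reply points at can be scripted. The following is an added example, not part of the thread and not SREng's own code: it parses the process and Winsock sections of such a log and lists DLLs with no vendor string that are loaded into several processes, plus Winsock providers served by an unexpected DLL. The sample log is constructed in the same layout, the function names are hypothetical, and the expected provider DLLs (mswsock.dll, rsvpsp.dll) are an assumption about a stock Windows XP install; the results are candidates for review, not verdicts.

```python
import re
from collections import defaultdict

# Constructed excerpt in the layout of the SREng log posted in this thread.
SAMPLE_LOG = r"""
正在运行的进程
[PID: 1476][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.240]
[C:\WINDOWS\system32\mswsock30.dll] [N/A, N/A]
[PID: 1652][C:\WINDOWS\system32\Rundll32.exe] [Microsoft Corporation, 5.1.2600.2180]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\mswsock30.dll] [N/A, N/A]
[PID: 1956][C:\Program Files\Winamp\Winampa.exe] [N/A, N/A]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[PID: 2052][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180]
==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
C:\WINDOWS\system32\mswsock30.dll(N/A, N/A)
RSVP UDP Service Provider
C:\WINDOWS\system32\mswsock30.dll(N/A, N/A)
==================================
"""

PROC_RE = re.compile(r"^\[PID: (\d+)\]\[(.+?)\] \[(.*)\]$")   # process line
MOD_RE = re.compile(r"^\[([^\]]+)\] \[(.*)\]$")               # loaded-module line
LSP_RE = re.compile(r"^(\S.*\.dll)\((.*)\)$", re.IGNORECASE)  # Winsock DLL line

# Assumption: provider DLLs expected on a stock Windows XP install.
EXPECTED_LSP = {"mswsock.dll", "rsvpsp.dll"}


def _vendor(info):
    """First comma-separated field of the bracketed info; '' if blank or N/A."""
    name = info.split(",")[0].strip()
    return "" if name.upper() == "N/A" else name


def modules_without_vendor(log, min_processes=2):
    """Return [(module_path, process_count)] for vendor-less modules loaded
    into at least min_processes processes, most widespread first."""
    seen = defaultdict(set)
    pid = None
    for line in map(str.strip, log.splitlines()):
        if line.startswith("="):          # section separator ends the process list
            pid = None
            continue
        proc = PROC_RE.match(line)
        if proc:
            pid = proc.group(1)
            continue
        mod = MOD_RE.match(line)
        if mod and pid is not None and not _vendor(mod.group(2)):
            seen[mod.group(1).lower()].add(pid)
    hits = [(path, len(pids)) for path, pids in seen.items()
            if len(pids) >= min_processes]
    return sorted(hits, key=lambda hit: (-hit[1], hit[0]))


def unexpected_winsock_providers(log):
    """Return [(provider_name, dll_path)] where the DLL is not an expected one."""
    findings, previous = [], None
    for line in map(str.strip, log.splitlines()):
        dll = LSP_RE.match(line)
        if dll and previous:
            base = dll.group(1).rsplit("\\", 1)[-1].lower()
            if base not in EXPECTED_LSP:
                findings.append((previous, dll.group(1)))
        previous = line or previous       # provider name precedes its DLL line
    return findings


if __name__ == "__main__":
    for path, count in modules_without_vendor(SAMPLE_LOG):
        print(f"{count} processes load vendor-less module {path}")
    for name, path in unexpected_winsock_providers(SAMPLE_LOG):
        print(f"Winsock provider '{name}' is served by {path}")
```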
高歌猛进 - 2006-11-4 17:01:00
OP, you've had a hard time~~~~~~~~~~~~~~~~
flyingdaisy - 2006-11-4 17:19:00
? Waiting...
flyingdaisy - 2006-11-4 17:23:00
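I don't understand what the poster two above is saying.. delete what?
I've done everything I can so far.. but I don't know whether the system is really back to normal now... I need someone to give a verdict on my current log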
終生學習 - 2006-11-4 18:08:00
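| Quote: |
[Post by flyingdaisy] I don't understand what the poster two above is saying.. delete what?
I've done everything I can so far.. but I don't know whether the system is really back to normal now... I need someone to give a verdict on my current log ……………… |
The virus is gone, but you're still exposed to some threats. Download the tool mentioned by the poster three above and repair with it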
flyingdaisy - 2006-11-4 18:16:00
Thanks to 终生学习 and 叶.幽思 above... it actually got killed...
That's a load off my mind...
我是来来 - 2006-11-4 18:22:00
This thread is really hot!
我是来来 - 2006-11-4 18:27:00
This thread is really hot!
dodo66 - 2006-11-4 18:32:00
Learning in progress
flyingdaisy - 2006-11-4 19:09:00
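I can't view the first link that 叶.幽思 posted... registration needs an invitation code...
Can't I just delete mswsock30.dll directly in Safe Mode?
Unfortunately my ewido can't update... I'll try it and then post a log...
Please take another look for me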
flyingdaisy - 2006-11-4 19:26:00
I can't download LSP fix... can anyone provide a working link?
jmbt - 2006-11-4 21:04:00
OP, you're really unlucky, you've caught Viking. Format all the drives and reinstall
flyingdaisy - 2006-11-4 21:16:00
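Is there no working link?
Then is there any other way?
Or delete it by hand in Safe Mode... and then repair with WinsockXPFix, would that work?
So few people around today..
At least the computer looks quite normal on the surface now...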