瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » 【求助】怀疑有病毒,但找不到可疑文件[SREngLOG]
龙王神力 - 2008-3-12 11:03:00
现象:
1。不能用鼠标拖动文件;
2。不能在注册表中打开表项;
3。在“计算机管理”中的“事件察看器”、“服务”、“本地用户和组”中的对象都不能显示其“属性”;“磁盘管理”一打开,mmc.exe就出错关闭;
4。symantec antivirus客户端软件安装后不能启动“symantec antivirus”服务;

附件是SREngLOG,瑞星卡卡电脑诊断日志字数太多了只能分帖贴出来,不方便查看,
我把SREngLOG贴上来给大家看看

[CODE]

2008-03-07,18:16:37

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <!!QQKav><G:\mydocument\新建文件夹\virus\kill.exe>  [N/A]
    <UnlockerAssistant><"C:\Program Files\Unlocker\UnlockerAssistant.exe">  [N/A]
    <EPolCCControl><C:\Program Files\Linkwork\EPolCC\EPolCCControl.Exe>  [Linkwork]
    <ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [(Verified)Symantec Corporation]
    <vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe>  [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\EPOL]
    <WinlogonNotify: EPOL><EPolWLNF.DLL>  [Linkwork]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll>  [(Verified)Symantec Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch][Stopped/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[EPolCC Service / EPolCCService][Running/Auto Start]
  <C:\Program Files\Linkwork\EPolCC\EPolCC.Exe><Linkwork>
[LiveUpdate / LiveUpdate][Stopped/Manual Start]
  <"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"><Symantec Corporation>
[SavRoam / SavRoam][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[SPBBCSvc / SPBBCSvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus][Stopped/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Apaidi / Apaidi][Stopped/Disabled]
  <\??\C:\WINDOWS\system32\drivers\Apaidi.sys><N/A>
[Symantec Eraser Control driver / eeCtrl][Running/System Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[EraserUtilRebootDrv / EraserUtilRebootDrv][Running/Manual Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys><Symantec Corporation>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\igxpmp32.sys><Intel Corporation>
[NAVENG / NAVENG][Stopped/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080306.003\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Stopped/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080306.003\navex15.sys><Symantec Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\OFFICE11\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SAVRT / SAVRT][Others/System Start]
  <\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL][Running/System Start]
  <\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[SPBBCDrv / SPBBCDrv][Stopped/Manual Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[SymEvent / SymEvent][Running/Manual Start]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Running/Manual Start]
  <\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/System Start]
  <\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[xFileMgr / xFileMgr][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\xFileMgr.sys><MS User>
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>

==================================
浏览器加载项
[WebBasedClientInstall Class]
  {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} <C:\WINDOWS\Downloaded Program Files\WebInst.Dll, Symantec Corporation>
[DSO Framer Control Object]
  {00460182-9E5E-11D5-B7C8-B8269041D

附件: 7820962008312105752.txt
龙王神力 - 2008-3-12 11:08:00
浏览器加载项
[WebBasedClientInstall Class]
  {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} <C:\WINDOWS\Downloaded Program Files\WebInst.Dll, Symantec Corporation>
[DSO Framer Control Object]
  {00460182-9E5E-11D5-B7C8-B8269041DD57} <C:\dsoframer.ocx, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\WINDOWS\system32\dllcache\dhtmled.ocx, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
  <D:\OFFICE11\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\OFFICE11\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\OFFICE11\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\OFFICE11\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 332 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 380 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 404 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\EPolWLNF.DLL]  [Linkwork, 1, 0, 1009, 1]
    [C:\WINDOWS\system32\NavLogon.dll]  [Symantec Corporation, 10.1.5.5000]
[PID: 448 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 460 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 620 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 688 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 744 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 820 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 832 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1088 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
[PID: 1248 / SYSTEM][C:\Program Files\Linkwork\EPolCC\EPolCC.Exe]  [Linkwork, 3, 71, 706, 1]
    [C:\Program Files\Linkwork\EPolCC\CommonFunc.dll]  [Linkwork, 3, 65, 912, 1]
    [C:\Program Files\Linkwork\EPolCC\disksn32.dll]  [Linkwork, 1, 0, 806, 1]
    [C:\Program Files\Linkwork\EPolCC\ext_account.dll]  [Linkwork, 1, 1, 716, 1]
    [C:\Program Files\Linkwork\EPolCC\ext_hotfix.dll]  [Linkwork, 1, 1, 609, 1]
    [C:\Program Files\Linkwork\EPolCC\ext_route.dll]  [LINKWORK, 1, 1, 522, 3]
[PID: 1316 / SYSTEM][C:\Program Files\Symantec AntiVirus\SavRoam.exe]  [symantec, 10.1.5.5000]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Symantec Shared\SSC\Transman.dll]  [Symantec Corporation, 10.1.5.5000]
    [C:\WINDOWS\system32\CBA.DLL]  [LANDesk Software Ltd., 6.12.0.142 E]
    [C:\WINDOWS\system32\MsgSys.dll]  [LANDesk Software Ltd., 6.12.0.142 E]
    [C:\WINDOWS\system32\NTS.dll]  [LANDesk Software Ltd., 6.12.0.142 E]
    [C:\WINDOWS\system32\PDS.DLL]  [LANDesk Software Ltd., 6.12.0.142 E]
    [c:\program files\common files\symantec shared\ssc\ScsComms.dll]  [Symantec Corporation, 10.1.5.5000]
[PID: 1432 / SYSTEM][C:\Program Files\Symantec AntiVirus\Rtvscan.exe]  [Symantec Corporation, 10.1.5.5000]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\CBA.DLL]  [LANDesk Software Ltd., 6.12.0.142 E]
    [C:\WINDOWS\system32\MsgSys.dll]  [LANDesk Software Ltd., 6.12.0.142 E]
    [C:\WINDOWS\system32\NTS.dll]  [LANDesk Software Ltd., 6.12.0.142 E]
    [C:\WINDOWS\system32\PDS.DLL]  [LANDesk Software Ltd., 6.12.0.142 E]
    [C:\Program Files\Symantec AntiVirus\NAVLU.dll]  [Symantec Corporation, 10.1.5.5000]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Symantec AntiVirus\I2ldvp3.dll]  [Symantec Corporation, 10.1.5.5000]
    [C:\Program Files\Common Files\Symantec Shared\ccL40.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL]  [Symantec Corporation, 10.1.5.5000]
    [c:\program files\common files\symantec shared\ssc\ScsComms.dll]  [Symantec Corporation, 10.1.5.5000]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Common Files\Symantec Shared\ccDec.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll]  [Symantec Corporation, 3.02.14.10]
龙王神力 - 2008-3-12 11:09:00
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\ccScan.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL]  [Symantec Corporation, 51.3.0.11]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080306.003\ccEraser.dll]  [Symantec Corporation, 107.4.1.2]
    [C:\Program Files\Symantec AntiVirus\DefUtDCD.dll]  [Symantec Corporation, 3.1.13a.0]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080306.003\ecmsvr32.dll]  [Symantec Corporation, 71.4.0.15]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080306.003\NAVEX32a.DLL]  [Symantec Corporation, 20071.4.3.10]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080306.003\NAVENG32.DLL]  [Symantec Corporation, 20071.4.3.10]
    [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.7.2.3]
    [C:\Program Files\Symantec AntiVirus\IMail.dll]  [Symantec Corporation, 10.1.5.5000]
    [C:\Program Files\Symantec AntiVirus\vpmsece4.dll]  [Symantec Corporation, 10.1.5.5000]
    [C:\Program Files\Symantec AntiVirus\SymProtectStorage.dll]  [Symantec Corporation, 10.1.5.5000]
    [C:\Program Files\Common Files\Symantec Shared\DefUtDCD.dll]  [Symantec Corporation, 3.1.30.0]
[PID: 1728 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1840 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 464 / dengjb][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  [Symantec Corporation, 10.1.5.5000]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1484 / dengjb][C:\Program Files\Linkwork\EPolCC\EPolCCControl.Exe]  [Linkwork, 3, 71, 517, 1]
    [C:\Program Files\Linkwork\EPolCC\CommonFunc.dll]  [Linkwork, 3, 65, 912, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1652 / dengjb][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 2408 / SYSTEM][C:\WINDOWS\system32\drwtsn32.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 2492 / SYSTEM][C:\WINDOWS\system32\msiexec.exe]  [Microsoft Corporation, 3.1.4000.1823]
[PID: 868 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe]  [Symantec Corporation, 104.0.11.1]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Symantec Shared\ccL40.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll]  [Symantec Corporation, 104.0.11.1]
[PID: 2788 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe]  [Symantec Corporation, 104.0.11.1]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Symantec Shared\ccL40.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Common Files\Symantec Shared\ccSet.dll]  [Symantec Corporation, 104.0.11.1]
[PID: 944 / dengjb][C:\Program Files\Common Files\Symantec Shared\ccApp.exe]  [Symantec Corporation, 104.0.11.1]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Symantec Shared\ccL40.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Common Files\Symantec Shared\ccSet.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\PROGRA~1\COMMON~1\SYMANT~2\CCALERT.DLL]  [Symantec Corporation, 104.0.11.1]
    [C:\PROGRA~1\COMMON~1\SYMANT~2\CCEMLPXY.DLL]  [Symantec Corporation, 104.0.11.1]
    [C:\WINDOWS\system32\SYMREDIR.DLL]  [Symantec Corporation, 6.0.4.402]
    [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Symantec AntiVirus\SavEmail.dll]  [Symantec Corporation, 10.1.5.5000]
[PID: 3300 / dengjb][G:\病毒检测工具\进程分析处理工具\sreng2.5.16.9\SRE.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [G:\病毒检测工具\进程分析处理工具\sreng2.5.16.9\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]

==================================
文件关联
.TXT  Error. [NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1248, C:\PROGRAM FILES\LINKWORK\EPOLCC\EPOLCC.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1484, C:\PROGRAM FILES\LINKWORK\EPOLCC\EPOLCCCONTROL.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
lqqk7 - 2008-3-12 11:19:00
这些文件都是什么,你得自己判断了
g:\mydocument\新建文件夹\virus\kill.exe
c:\windows\system32\drivers\apaidi.sys
c:\windows\system32\drivers\xfilemgr.sys
c:\dsoframer.ocx

看这个貌似这个驱动状态不太正常:
[SAVRT / SAVRT][Others/System Start]
  <\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
日不懂啊 - 2008-3-12 11:31:00
用一些安全软件修复修复看看有什么结果/

比如卡卡助手360优化大师什么的/
龙王神力 - 2008-3-12 12:37:00
引用:
【日不懂啊的贴子】用一些安全软件修复修复看看有什么结果/

比如卡卡助手360优化大师什么的/
………………


全都用过了,没效果
龙王神力 - 2008-3-12 12:42:00
引用:
【lqqk7的贴子】这些文件都是什么,你得自己判断了
g:\mydocument\新建文件夹\virus\kill.exe
c:\windows\system32\drivers\apaidi.sys
c:\windows\system32\drivers\xfilemgr.sys
c:\dsoframer.ocx

看这个貌似这个驱动状态不太正常:
[SAVRT / SAVRT][Others/System Start]
  <\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
………………

---------------------------------------
c:\dsoframer.ocx:这个比较可疑,下午去删了看看

c:\windows\system32\drivers\xfilemgr.sys这个是KillBadware流氓软件清除工具留下的

在上周五检查的两台机器上都发现两个不可删除的文件夹:
C:\WINDOWS\system32\FILTER.DLL
C:\WINDOWS\system32\drivers\APAIDI.SYS

这两个文件夹都不可删除,里面有文件夹名称为“免疫文件夹不要删除”,文件夹不能打开
不知道是哪个专杀工具留下的,还是病毒建立的?

我现在最怀疑的是这两个文件夹,因为无法打开,也不能删除,不知道其中有没有病毒文件。
不知道是哪个专杀工具留下的,还是病毒建立的


大家看看还有什么可以的地方吗?

有谁知道上面说的两个文件解决是哪个专杀工具留下的?
日不懂啊 - 2008-3-12 13:38:00
用附件的P处理删除看看呢

把要删除的文件夹拖到批处理文件上,一个DOS窗口闪一下就好了

附件: 8523742008312132614.rar
龙王神力 - 2008-3-12 14:43:00
我等下试试,谢谢
天月来了 - 2008-3-12 14:47:00
你在360那边还没弄哪??

360那边我就说看偶签名,弄个批处理搞了。
龙王神力 - 2008-3-15 22:01:00
引用:
【天月来了的贴子】你在360那边还没弄哪??

360那边我就说看偶签名,弄个批处理搞了。
………………


g:\mydocument\新建文件夹\virus\kill.exe
c:\windows\system32\drivers\apaidi.sys
c:\windows\system32\Folder.htt
c:\windows\system32\drivers\xfilemgr.sys
这些都删了,没用,问题仍然没有解决

到14号为止已经有5台机器出现这些问题,我想不出什么办法处理,操作人员也等不及了,把操作系统都重新安装过了。

估计还会不断出现有这种问题的电脑,但是我已经没什么招了

上次还有一个现象没有说到,
就是IE打开网页时第二级的链接大多数打不开。

其它现象:
1。不能用鼠标拖动文件;
2。不能在注册表中打开表项;
3。在“计算机管理”中的“事件察看器”、“服务”、“本地用户和组”中的对象都不能显示其“属性”;“磁盘管理”一打开,mmc.exe就出错关闭;
4。有一台电脑symantec antivirus客户端软件安装后不能启动“symantec antivirus”服务;有三台symantec antivirus客户端软件可以用。
天月来了 - 2008-3-15 22:19:00
我们也没法的。因为其他的方法,就都是需要你自己去看系统目录下是否有不明文件来判断了,文件量会很大,只能自己去耐心看。

别的没法。
龙王神力 - 2008-3-15 22:30:00
引用:
【天月来了的贴子】我们也没法的。因为其他的方法,就都是需要你自己去看系统目录下是否有不明文件来判断了,文件量会很大,只能自己去耐心看。

别的没法。
………………


唉。。。。
根据我的经验我都检查过了,也没发现什么可疑的文件:
磁盘根目录下;
C:\Program Files\Common Files\Microsoft Shared\MSInfo\;
C:\Program Files\Internet Explorer\PLUGINS;
windows;
system32;
system32\drivers;
这些地方都看过了

IE缓存和临时文件夹我也清空了

我怀疑是用户上网时直接从网页上调用了什么脚本把注册表中的一些项给改了,禁用了一些系统功能,但是以我现在的水平还不知道改了些什么地方,没办法修复。

有没有注册表配置方面的高手可以提供一些建议呢?

天月来了 - 2008-3-15 23:24:00
那你去系统软件区求助试试

不过那里人少,不容易有回答你的。

也建议你用瑞星的主动防御,监控一下主动防御能监控的所有地方,然后观察一阵,看结果怎样。
龙王神力 - 2008-3-17 1:30:00
引用:
【天月来了的贴子】那你去系统软件区求助试试
不过那里人少,不容易有回答你的。
也建议你用瑞星的主动防御,监控一下主动防御能监控的所有地方,然后观察一阵,看结果怎样。
………………


试试看吧
谢谢
1
查看完整版本: 【求助】怀疑有病毒,但找不到可疑文件[SREngLOG]
© 2000 - 2026 Rising Corp. Ltd.