瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » 版主帮忙看下。。附日志。。
天使_angel - 2008-5-30 19:09:00
:kaka4: 版主哥哥帮忙看下是不是还有毒呀。。。。我系统进程里面出现了_bnyunxing(数字)从1-34 我郁闷了。。。。

用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0(Compatible EmbeddedWB- 14.59  from: http://bsalsa.com/ )

附件: 新建 文本文档 (2).txt
超级游戏迷 - 2008-5-30 19:20:00
问题项目如下:

注册表:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <hefcndy><; C:\WINDOWS\hefcndy.exe>  [File is missing]
    <ticisms><C:\WINDOWS\ticisms.exe>  [File is missing]
    <cinfonmc><C:\WINDOWS\cinfonmc.exe>  [File is missing]
    <isndntio><C:\WINDOWS\isndntio.exe>  [File is missing]
    <fmsiocps><C:\WINDOWS\fmsiocps.exe>  [File is missing]
    <anistio><C:\WINDOWS\anistio.exE>  [File is missing]
    <dionpis><C:\WINDOWS\dionpis.exe>  [File is missing]
    <mfchlp64><C:\WINDOWS\mfchlp64.exe>  [File is missing]
    <jscuwqve><C:\WINDOWS\suqepzru.exe>  [File is missing]
    <fmsjhif><C:\WINDOWS\fmsjhif.exe>  [File is missing]
    <fmsbbqi><C:\WINDOWS\fmsbbqi.exe>  [File is missing]
    <dbhlp32><C:\WINDOWS\dbhlp32.exe>  [File is missing]
    <tciocp64><C:\WINDOWS\tciocp64.exe>  [File is missing]
    <ptshell><C:\WINDOWS\ptshell.exe>  [File is missing]
    <huifitc><C:\WINDOWS\huifitc.exe>  [File is missing]
    <bincdwsa><C:\WINDOWS\bincdwsa.exe>  [File is missing]
    <fmbiost><C:\WINDOWS\fmbiost.exe>  [File is missing]
    <dndsioc><C:\WINDOWS\dndsioc.exe>  [File is missing]
    <yuiabct><C:\WINDOWS\yuiabct.exe>  [File is missing]
    <wipicdec><C:\WINDOWS\wipicdec.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
    <IFEO[360rpt.exe]><ntsd -D>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe]
    <IFEO[360safe.exe]><ntsd -D>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe]
    <IFEO[360safebox.exe]><ntsd -D>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
    <IFEO[360tray.exe]><ntsd -D>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe]
    <IFEO[CCenter.exe]><ntsd -D>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPPMain.exe]
    <IFEO[KPPMain.exe]><ntsd -D>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe]
    <IFEO[KWatch.exe]><ntsd -D>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe]
    <IFEO[QQDoctor.exe]><ntsd -D>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe]
    <IFEO[QQKav.exe]><ntsd -D>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe]
    <IFEO[RavMon.exe]><ntsd -D>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe]
    <IFEO[RavMonD.exe]><ntsd -D>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe]
    <IFEO[safeboxTray.exe]><ntsd -D>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tqat.exe]
    <IFEO[tqat.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><SysDaJHv.dll,fmsiocps.dll,davuqe.dll,msosmhfp01.dll,nzcbhs.dll,msoscqit00.dll,nicozftp01.dll,msosdohs02.dll,msosfmsq01.dll,msosmnsf00.dll,msosjtio01.dll,msosptfs00.dll,wipicdec.dll>  [File is missing]


驱动程序:
[Atixeve23750 / Atixeve23750][Stopped/Manual Start]
  <\??\C:\WINDOWS\TEMP\~wxp2ins.468.tmp><N/A>
[cafesvr / cafesvr][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\cafesvr><N/A>
[cqit / cqit][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpD.tmp><N/A>
[dohs / dohs][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp11.tmp><N/A>
[fmsq / fmsq][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpF.tmp><N/A>
[ilgta / ilgta9][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ilgta9.sys><N/A>
[jtio / jtio][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp15.tmp><N/A>
[k9xv / k9xv][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\k9xv.sys><N/A>
[mhfp / mhfp][Stopped/Auto Start]
  <\??\C:\WINDOWS\TEMP\tmp1.tmp><N/A>
[mnsf / mnsf][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp13.tmp><N/A>
[msfpfis64 / msfpfis64][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\msosmsfpfis64.sys><N/A>
[msp2p32 / msp2p32][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\msosmsp2p32.sys><N/A>
[ping / ping][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp19.tmp><N/A>
[pmkkge / pmkkge][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\pmkkge><N/A>
[ptfs / ptfs][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp17.tmp><N/A>
[zftp / zftp][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp9.tmp><N/A>
[zzxurs / zzxurs][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\zzxurs><N/A>


浏览器加载项
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, N/A>
[]
  {398C9B84-4EF7-47B5-9862-DE29543B3C42} <C:\Program Files\Internet Explorer\PLUGINS\DosSys16.Sys, N/A>
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, N/A>
[]
  {398C9B84-4EF7-47B5-9862-DE29543B3C42} <C:\Program Files\Internet Explorer\PLUGINS\DosSys16.Sys, N/A>



正在运行的进程(不含以上问题项目对应的文件)
C:\WINDOWS\system32\davuqe.dll
C:\WINDOWS\system32\nzcbhs.dll
天使_angel - 2008-5-30 19:33:00
:kaka6: 怎么弄呀。。。版主。。你不告诉我怎么弄。。我不会呀。。。。是删除还是。。其它什么操作呀
超级游戏迷 - 2008-5-30 19:37:00
现在用的是单位机,杀毒步骤的格式文件没有,叙述起来很麻烦,等我晚上补充或等其他版主回复具体操作步骤……
豪斯登堡新郎 - 2008-5-30 19:54:00
以下操作在下载所需要软件后重起按F8进入安全模式进行

这里官网下载费尔木马强力清除助手,勾选“清除,并抑制文件再次生成”后删除以下文件(一些文件已经不存在,不过不要管,抑制再生删除一次没害处):
http://dl.filseclab.com/down/powerrmv.zip

c:\windows\system32\davuqe.dll
c:\windows\system32\nzcbhs.dll
c:\windows\hefcndy.exe
c:\windows\ticisms.exe
c:\windows\cinfonmc.exe
c:\windows\isndntio.exe
c:\windows\fmsiocps.exe
c:\windows\anistio.exe
c:\windows\dionpis.exe
c:\windows\mfchlp64.exe
c:\windows\suqepzru.exe
c:\windows\fmsjhif.exe
c:\windows\fmsbbqi.exe
c:\windows\dbhlp32.exe
c:\windows\tciocp64.exe
c:\windows\ptshell.exe
c:\windows\huifitc.exe
c:\windows\bincdwsa.exe
c:\windows\fmbiost.exe
c:\windows\dndsioc.exe
c:\windows\yuiabct.exe
c:\windows\wipicdec.exe
c:\windows\temp\~wxp2ins.468.tmp
c:\windows\system32\cafesvr
c:\windows\system32\zzxurs
c:\docume~1\admini~1\locals~1\temp\tmp9.tmp
c:\docume~1\admini~1\locals~1\temp\tmp17.tmp
c:\windows\system32\pmkkge
c:\docume~1\admini~1\locals~1\temp\tmp19.tmp
c:\windows\system32\drivers\msosmsp2p32.sys
c:\windows\system32\drivers\msosmsfpfis64.sys
c:\docume~1\admini~1\locals~1\temp\tmp13.tmp
c:\windows\temp\tmp1.tmp
c:\windows\system32\drivers\k9xv.sys
c:\docume~1\admini~1\locals~1\temp\tmp15.tmp
c:\windows\system32\drivers\ilgta9.sys
c:\docume~1\admini~1\locals~1\temp\tmpf.tmp
c:\docume~1\admini~1\locals~1\temp\tmp11.tmp
c:\docume~1\admini~1\locals~1\temp\tmpd.tmp
c:\windows\system32\drivers\npf.sys
c:\program files\internet explorer\plugins\dossys16.sys
c:\documents and settings\all users\application data\microsoft\pctools\pctools.dll
c:\program files\common files\cpush\cpush1.dll

2.删除重启后使用SREng修复下面各项:

    启动项目 -- 注册表之如下项删除:
[hefcndy] 
[ticisms] 
[cinfonmc]
[isndntio]
[fmsiocps]
[anistio] 
[dionpis] 
[mfchlp64]
[jscuwqve]
[fmsjhif] 
[fmsbbqi] 
[dbhlp32] 
[tciocp64]
[ptshell] 
[huifitc] 
[bincdwsa]
[fmbiost] 
[dndsioc] 
[yuiabct] 
[wipicdec]
注意该项[AppInit_DLLs]修改:把<SysDaJHv.dll,fmsiocps.dll,davuqe.dll,msosmhfp01.dll,nzcbhs.dll,msoscqit00.dll,nicozftp01.dll,msosdohs02.dll,msosfmsq01.dll,msosmnsf00.dll,msosjtio01.dll,msosptfs00.dll,wipicdec.dll>修改为<>即清空
[IFEO[360rpt.exe]]   
[IFEO[360safe.exe]] 
[IFEO[360safebox.exe]]
[IFEO[360tray.exe]] 
[IFEO[CCenter.exe]] 
[IFEO[KPPMain.exe]] 
[IFEO[KWatch.exe]]   
[IFEO[QQDoctor.exe]] 
[IFEO[QQKav.exe]]   
[IFEO[RavMon.exe]]   
[IFEO[RavMonD.exe]] 
[IFEO[safeboxTray.exe]] 
[IFEO[tqat.exe]] 

    启动项目 -- 服务-- 驱动程序之如下项删除:
[Atixeve23750 / Atixeve23750]   
[cafesvr / cafesvr]
[zzxurs / zzxurs] 
[zftp / zftp] 
[ptfs / ptfs] 
[pmkkge / pmkkge]
[ping / ping]   
[msp2p32 / msp2p32]   
[msfpfis64 / msfpfis64]
[mnsf / mnsf] 
[mhfp / mhfp] 
[k9xv / k9xv] 
[jtio / jtio] 
[ilgta / ilgta9]
[fmsq / fmsq] 
[dohs / dohs] 
[cqit / cqit] 
[Netgroup Packet Filter / NPF]

    系统修复-- 浏览器加载项之如下项删除:
[]    <C:\Program Files\Internet Explorer\PLUGINS\DosSys16.Sys>
[]    <C:\Program Files\Internet Explorer\PLUGINS\DosSys16.Sys>
[Info cache]    <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll>
[CAdLogic Object]    <C:\Program Files\Common Files\CPUSH\cpush1.dll>

做完下载以下软件清理一次并更新杀毒软件至最新进行全盘杀毒一次

清理系统临时文件和IE临时文件夹
http://www.atribune.org/public-beta/ATF-Cleaner.exe
用金山清理专家清理恶意软件
http://www.duba.net/zt/ksc/down.shtml
下载 windows清理助手清理一遍
http://www.arswp.com/download/arswp2/arswp2.zip
天使_angel - 2008-5-30 21:58:00
版主大哥。。。。我按你说的办法做了。。。结果IFEO[360rpt.exe]]   
[IFEO[360safe.exe]] 
[IFEO[360safebox.exe]]
[IFEO[360tray.exe]] 
[IFEO[CCenter.exe]] 
[IFEO[KPPMain.exe]] 
[IFEO[KWatch.exe]]   
[IFEO[QQDoctor.exe]] 
[IFEO[QQKav.exe]]   
[IFEO[RavMon.exe]]   
[IFEO[RavMonD.exe]] 
[IFEO[safeboxTray.exe]] 
[IFEO[tqat.exe]] 
一直都删不掉。。。。郁闷呀!!
天使_angel - 2008-5-30 22:08:00
我又把 按你操作后的日志扫了上来。,。。版主大哥。。在麻烦看下:default2: 。。小弟 都有点不好意思了 。。。。我是只菜鸟。。。。。

附件: 新建 文本文档 (2).txt
1
查看完整版本: 版主帮忙看下。。附日志。。
© 2000 - 2026 Rising Corp. Ltd.