Rising Kaka Security Forum > Technical Exchange Area > Anti-Virus / Anti-Rogue-Software Forum


[Help] What kind of virus is the malicious program IS88VIVI, and why can't it be removed?


==================================

[PID: 1476][F:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe]  [N/A, N/A]
[PID: 1528][C:\Program Files\Apache Group\Apache2\bin\Apache.exe]  [Apache Software Foundation, 2.0.58]
    [C:\Program Files\Apache Group\Apache2\bin\libapr.dll]  [Apache Software Foundation, 0.9.12]
    [C:\Program Files\Apache Group\Apache2\bin\libaprutil.dll]  [Apache Software Foundation, 0.9.12]
    [C:\Program Files\Apache Group\Apache2\bin\libapriconv.dll]  [Apache Software Foundation, 0.9.7]
    [C:\Program Files\Apache Group\Apache2\bin\libhttpd.dll]  [Apache Software Foundation, 2.0.58]
    [C:\Program Files\Apache Group\Apache2\modules\mod_access.so]  [Apache Software Foundation, 2.0.58]
    [C:\Program Files\Apache Group\Apache2\modules\mod_actions.so]  [Apache Software Foundation, 2.0.58]
    [C:\Program Files\Apache Group\Apache2\modules\mod_alias.so]  [Apache Software Foundation, 2.0.58]
    [C:\Program Files\Apache Group\Apache2\modules\mod_asis.so]  [Apache Software Foundation, 2.0.58]
    [C:\Program Files\Apache Group\Apache2\modules\mod_auth.so]  [Apache Software Foundation, 2.0.58]
    [C:\Program Files\Apache Group\Apache2\modules\mod_autoindex.so]  [Apache Software Foundation, 2.0.58]
    [C:\Program Files\Apache Group\Apache2\modules\mod_cgi.so]  [Apache Software Foundation, 2.0.58]
    [C:\Program Files\Apache Group\Apache2\modules\mod_dir.so]  [Apache Software Foundation, 2.0.58]
    [C:\Program Files\Apache Group\Apache2\modules\mod_env.so]  [Apache Software Foundation, 2.0.58]
    [C:\Program Files\Apache Group\Apache2\modules\mod_imap.so]  [Apache Software Foundation, 2.0.58]
    [C:\Program Files\Apache Group\Apache2\modules\mod_include.so]  [Apache Software Foundation, 2.0.58]
    [C:\Program Files\Apache Group\Apache2\modules\mod_isapi.so]  [Apache Software Foundation, 2.0.58]
    [C:\Program Files\Apache Group\Apache2\modules\mod_log_config.so]  [Apache Software Foundation, 2.0.58]
    [C:\Program Files\Apache Group\Apache2\modules\mod_mime.so]  [Apache Software Foundation, 2.0.58]
    [C:\Program Files\Apache Group\Apache2\modules\mod_negotiation.so]  [Apache Software Foundation, 2.0.58]
    [C:\Program Files\Apache Group\Apache2\modules\mod_setenvif.so]  [Apache Software Foundation, 2.0.58]
    [C:\Program Files\Apache Group\Apache2\modules\mod_userdir.so]  [Apache Software Foundation, 2.0.58]
    [C:\php5\php5apache2.dll]  [The PHP Group, 5.1.4.4]
    [C:\WINDOWS\php5ts.dll]  [The PHP Group, 5.1.4.4]
    [C:\php5\php5ts.dll]  [The PHP Group, 5.1.4.4]
    [c:\php5\ext\php_mbstring.dll]  [The PHP Group, 5.1.4.4]
    [c:\php5\ext\php_dba.dll]  [The PHP Group, 5.1.4.4]
    [c:\php5\ext\php_dbase.dll]  [The PHP Group, 5.1.4.4]
    [c:\php5\ext\php_gd2.dll]  [The PHP Group, 5.1.4.4]
    [c:\php5\ext\php_mssql.dll]  [The PHP Group, 5.1.4.4]
    [c:\php5\ext\php_mysql.dll]  [The PHP Group, 5.1.4.4]
    [C:\WINDOWS\System32\LIBMYSQL.dll]  [N/A, N/A]
[PID: 1564][C:\WINDOWS\System32\Com\SERVICES.EXE]  [N/A, N/A]
[PID: 2096][C:\WINDOWS\System32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.4467]
[PID: 2136][C:\WINDOWS\system32\slserv.exe]  [ , 2.80.00(24Apr2000)]
[PID: 2296][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 3, 1021]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 3, 1, 6, 1022]
[PID: 2656][C:\KAV6\KpopMon.EXE]  [, 2004, 2, 2, 31]
    [C:\KAV6\KAVMLM.DLL]  [Kingsoft Corporation, 2003.11.12.10]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 3, 1021]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 3, 1, 6, 1022]
[PID: 2664][C:\KAV6\KAVPFW.EXE]  [Kingsoft Corporation, 2004, 8, 16, 295]
    [C:\KAV6\KAVMLM.DLL]  [Kingsoft Corporation, 2003.11.12.10]
    [C:\KAV6\PFWScanC.dll]  [KingSoft, 2002, 4, 12, 3]
    [C:\KAV6\KAMsgBox.dll]  [, 2002.9.27.30]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 3, 1021]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 3, 1, 6, 1022]
    [C:\KAV6\NetShare.dll]  [Kingsoft Antivirus, 2004, 2, 20, 67]
    [C:\KAV6\KAEPlat.DLL]  [Kingsoft Corp., 2005, 12, 29, 56]
    [C:\KAV6\KAEMem.DAT]  [Kingsoft, 2006, 4, 12, 13]
    [C:\KAV6\KAEUnpack.DAT]  [Kingsoft Corp., 2006, 6, 15, 44]
    [C:\KAV6\KAEQSCAN.DLL]  [Kingsoft Corp, 2004, 3, 26, 69]
    [C:\KAV6\KAVLogFn.dll]  [N/A, 2003, 11, 26, 16]
[PID: 2712][C:\KAV6\KWatchUI.EXE]  [, 2004.1.6.119]
    [C:\KAV6\kavcomm.dll]  [Kingsoft Corporation, 2003, 11, 12, 66]
    [C:\KAV6\kavdlg.dll]  [, 2004.7.20.81]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 3, 1021]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 3, 1, 6, 1022]
    [C:\KAV6\KAVMLM.DLL]  [Kingsoft Corporation, 2003.11.12.10]
    [C:\KAV6\RpcBrge.DLL]  [kingsoft, 2003, 11, 12, 64]
[PID: 2744][C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe]  [Yahoo! China, 3, 1, 6, 1022]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 3, 1, 6, 1022]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 3, 1021]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll]  [yahoo! china, 3, 4, 8, 1099]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [Yahoo! China, 3, 0, 1, 1010]
[PID: 2760][C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe]  [Yahoo! China, 3, 0, 2, 1003]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 3, 1, 6, 1022]
    [C:\PROGRA~1\Yahoo!\Assistant\shell\yAsMenu.dll]  [Yahoo! China, 3, 0, 0, 1001]
    [C:\PROGRA~1\Yahoo!\Assistant\shell\yAssecblk.dll]  [Yahoo! China, 3, 1, 0, 1013]
    [C:\PROGRA~1\Yahoo!\Assistant\shell\yIEAngel.dll]  [Yahoo! China, 3, 0, 1, 1001]
    [C:\PROGRA~1\Yahoo!\Assistant\shell\yMenuInfo.dll]  [Yahoo! China, 3, 0, 0, 1000]
[PID: 2824][C:\KAV6\KAVPlus.EXE]  [, 2004, 3, 3, 71]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 3, 1021]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 3, 1, 6, 1022]
[PID: 3008][C:\WINDOWS\System32\taskmgr.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 3, 1021]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 3, 1, 6, 1022]
[PID: 3068][C:\WINDOWS\system32\NOTEPAD.EXE]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 3, 1021]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 3, 1, 6, 1022]
[PID: 3080][C:\WINDOWS\system32\notepad.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 3, 1021]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 3, 1, 6, 1022]
[PID: 3124][C:\KAV6\Kav32.EXE]  [Kingsoft Corporation, 2004.10.11.333]
    [C:\KAV6\kavcomm.dll]  [Kingsoft Corporation, 2003, 11, 12, 66]
    [C:\KAV6\kav32fn.dll]  [Kingsoft Corporation, 2004, 7, 15, 92]
    [C:\KAV6\kaeqscan.dll]  [Kingsoft Corp, 2004, 3, 26, 69]
    [C:\KAV6\kavset.dll]  [Kingsoft, 2004.9.1.85]
    [C:\KAV6\kavselectip.dll]  [, 2003, 12, 17, 5]
    [C:\KAV6\kavdlg.dll]  [, 2004.7.20.81]
    [C:\KAV6\kavpid.dll]  [Kingsoft Corp, 2001, 11, 21, 1]
    [C:\KAV6\KAVMLM.DLL]  [Kingsoft Corporation, 2003.11.12.10]
    [C:\KAV6\KAVIPC.DLL]  [Kingsoft Corp., 2002, 3, 29, 8]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 3, 1021]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 3, 1, 6, 1022]
    [C:\KAV6\KAVLogFn.dll]  [N/A, 2003, 11, 26, 16]
    [C:\KAV6\RpcBrge.DLL]  [kingsoft, 2003, 11, 12, 64]
    [C:\KAV6\KAVRESD.DLL]  [Kingsoft Corporation, 2003.12.16.81]
[PID: 3260][C:\Documents and Settings\Administrator\My Documents\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 3, 1021]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 3, 1, 6, 1022]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================

Terminate process [PID: 1564][C:\WINDOWS\System32\Com\SERVICES.EXE]

Delete files C:\WINDOWS\System32\Com\SERVICES.EXE
             C:\WINDOWS\System32\761ECBB0.EXE
             C:\WINDOWS\System32\90816FB5.EXE

                                  Still learning