瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 【求助】急急急!!请大虾帮帮杀掉这个病毒!在线等谢谢

12   2  /  2  页   跳转

【求助】急急急!!请大虾帮帮杀掉这个病毒!在线等谢谢

收藏
魔王的点心
头像
初生襁褓狮
  • 帖子:12
  • 注册: 2007-01-24
  • 来自:
发表于: 2007-01-24 15:22 | 只看楼主 短消息 资料
字号: 11楼

{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[&使用迅雷下载]
  <D:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[上传到QQ网络硬盘]
  <F:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Excel(&x)]
  <res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <F:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <F:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <F:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 616][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 680][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 704][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 748][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 760][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 948][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4110]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2495]
[PID: 964][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1036][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1156][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1260][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1312][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1492][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\hpzlnt09.dll]  [HP, 2.240.0.0]
[PID: 1732][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\Ahead\Lib\NeroSearchBar.dll]  [Nero AG, 1, 5, 3, 0]
    [C:\Program Files\Common Files\Ahead\Lib\BCGCBPRO800u.dll]  [BCGSoft Ltd, 8, 00, 0, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll]  [Nero AG, 2, 0, 0, 8]
    [C:\Program Files\JiangMin\AntiVirus\KVshell_1.dll]  [Jiangmin Co.Ltd, 1, 0, 7, 111]
    [C:\WINDOWS\system32\HiveBase.dll]  [Jiangmin Co., Ltd., 1, 0, 6, 1227]
    [C:\Program Files\JiangMin\AntiVirus\lang\kvxp0804_1.lng]  [N/A, N/A]
    [F:\GVO_OB\KOEIhokm.dll]  [KOEI Co.,Ltd., 1, 0, 0, 1]
[PID: 1872][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.5134]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.5134]
    [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS]  [ATI Technologies, Inc., 6.14.10.5134]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll]  [ATI Technologies, Inc., 6.14.10.5134]
[PID: 1972][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 260][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ov519usd.dll]  [OmniVision Technologies Inc., 5.01.00.2601]
[PID: 1672][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1128][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1740][C:\Program Files\JiangMin\AntiVirus\KVWSC.exe]  [Jiangmin Co.,Ltd, 1, 0, 6, 919]
    [C:\Program Files\JiangMin\Kernel\EngFace.dll]  [Jiangmin Co., Ltd., 2, 0, 7, 119]
    [C:\WINDOWS\system32\HiveBase.dll]  [Jiangmin Co., Ltd., 1, 0, 6, 1227]
[PID: 312][C:\WINDOWS\system32\DllHost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\JiangMin\common\ComUI.dll]  [Jiangmin Co,.Ltd, 1, 0, 6, 908]
    [C:\Program Files\JiangMin\common\ComUIPS.dll]  [Jiangmin Co.Ltd, 1.0.0.808]
    [C:\Program Files\JiangMin\common\GUIEXT_1.DLL]  [Jiangmin Co.Ltd, 1, 0, 6, 1201]
    [C:\WINDOWS\system32\HiveBase.dll]  [Jiangmin Co., Ltd., 1, 0, 6, 1227]
    [C:\Program Files\JiangMin\common\lang\guiext0804.lng]  [JiangMin Ltd., 7, 1, 0, 200]
[PID: 1296][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 4092][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [F:\GVO_OB\GVOnline.bin]  [KOEI Co., Ltd., 1.2.0.1]
    [F:\GVO_OB\KOEItlbm.dll]  [KOEI Co.,Ltd., 1, 0, 0, 4]
    [F:\GVO_OB\KOEIhokm.dll]  [KOEI Co.,Ltd., 1, 0, 0, 1]
    [F:\GVO_OB\GVONetRs.dll]  [KOEI Co., Ltd., 1.2.0.1]
    [F:\GVO_OB\KSndStr.dll]  [KOEI Co., Ltd., 1.0.0.0]
[PID: 976][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, N/A]
[PID: 1600][C:\DOCUME~1\1\LOCALS~1\Temp\Rar$EX00.125\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. [C:\WINDOWS\hh.exe %1]
.HLP  Error. [C:\WINDOWS\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF  Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================


[/CODE]
gototop
 
魔王的点心
头像
初生襁褓狮
  • 帖子:12
  • 注册: 2007-01-24
  • 来自:
发表于: 2007-01-24 15:23 | 只看楼主 短消息 资料
字号: 12楼

有点长~~辛苦了~~T T 谢谢了
gototop
 
魔王的点心
头像
初生襁褓狮
  • 帖子:12
  • 注册: 2007-01-24
  • 来自:
发表于: 2007-01-24 15:48 | 只看楼主 短消息 资料
字号: 13楼

能帮我解决一下吗 谢谢了在线等
gototop
 
魔王的点心
头像
初生襁褓狮
  • 帖子:12
  • 注册: 2007-01-24
  • 来自:
发表于: 2007-01-24 16:15 | 只看楼主 短消息 资料
字号: 14楼

- -?帮帮忙大家谢谢555
gototop
 
yimike
头像
初生襁褓狮
  • 帖子:14
  • 注册: 2007-01-24
  • 来自:
发表于: 2007-01-24 16:29 | 短消息 资料
字号: 15楼

你发到江民论坛去    江民论坛高手多
gototop
 
yimike
头像
初生襁褓狮
  • 帖子:14
  • 注册: 2007-01-24
  • 来自:
发表于: 2007-01-24 16:34 | 短消息 资料
字号: 16楼

另外    出现很多IE进程时截个图  OK?
gototop
 
<<上一主题|下一主题>>
12   2  /  2  页   跳转
页面顶部
Powered by Discuz!NT