
Emergency!!! We've caught a really tough virus!

Recently our company got infected with A.exe, sxe.exe and some other trojans, which clogged up the network. We took a few machines and reinstalled the system (formatting the whole hard drive); less than half an hour after the install it was running again. Rising couldn't kill it, so we installed Kaspersky. Kaspersky cleaned the virus, but after a while it broke out again. God!! Come and save me!
Last edited 2007-04-11 17:23:35

Download SRENG, scan and post the log here. It's a small virus, not that serious.

未知家族病毒分析
扫描结果:
无可疑文件


系统活动进程
C:\WINNT\EXPLORER.EXE
C:\WINNT\APPPATCH\ACLAYERS.DLL
C:\WINNT\SYSTEM32\WDMAUD.DRV
C:\WINNT\SYSTEM32\MSACM32.DRV
C:\WINNT\SYSTEM32\IGFXPPH.DLL
C:\WINNT\SYSTEM32\HCCUTILS.DLL
C:\WINNT\SYSTEM32\IGFXRES.DLL
C:\WINNT\SYSTEM32\IGFXSRVC.DLL
C:\WINNT\SYSTEM32\MSADP32.ACM
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\SCR_CH_PG.DLL
C:\WINNT\SYSTEM32\MSVCP60.DLL
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\KLSCAV.DLL
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\PR_REMOTE.DLL
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\PRLOADER.DLL
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\PRKERNEL.PPL
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\PARAMS.PPL
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\PXSTUB.PPL
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\TEMPFILE.PPL
C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT ELEMENTS\CONTEXTMENU.CHS
C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT\ACTIVEX\ACROIEHELPER.DLL
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\MSOHEV.DLL
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\SHELLEX.DLL
C:\PROGRAM FILES\WINRAR\RAREXT.DLL
C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT ELEMENTS\CONTEXTMENU.DLL

C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\EXCEL.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE11\MSO.DLL
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\GDIPLUS.DLL
C:\PROGRA~1\MICROS~2\OFFICE11\ADDINS\SYMINPUT.DLL
C:\WINNT\SYSTEM32\MSVBVM60.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE11\RICHED20.DLL
C:\WINNT\SYSTEM32\PINTLGNT.IME
C:\WINNT\SYSTEM32\WINWB86.IME
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\MSOSTYLE.DLL
C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CNMUI6E.DLL
C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CNMDR6E.DLL
C:\WINNT\SYSTEM32\WDMAUD.DRV
C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\OFFGUARD.DLL
C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\2052\VBE6INTL.DLL

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT\ACTIVEX\ACROIEHELPER.DLL
C:\WINNT\SYSTEM32\XUNLEIBHO_001.DLL
C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL
C:\WINNT\SYSTEM32\MSVCP60.DLL
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\MSOHEV.DLL
C:\WINNT\SYSTEM32\WDMAUD.DRV
C:\WINNT\SYSTEM32\MSACM32.DRV
C:\WINNT\SYSTEM32\MSADP32.ACM
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\SCR_CH_PG.DLL
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\KLSCAV.DLL
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\PR_REMOTE.DLL
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\PRLOADER.DLL
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\PRKERNEL.PPL
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\PARAMS.PPL
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\PXSTUB.PPL
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\TEMPFILE.PPL
C:\WINNT\SYSTEM32\WINPY.IME
C:\WINNT\SYSTEM32\WINZM.IME
C:\WINNT\SYSTEM32\WINABC.IME
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\NFIO.PPL
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\FSDRVPLGN.PPL
C:\WINNT\SYSTEM32\MACROMED\FLASH\FLASH9B.OCX
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE11\MSOXMLMF.DLL

C:\WINNT\SYSTEM32\HKCMD.EXE
C:\WINNT\SYSTEM32\HCCUTILS.DLL
C:\WINNT\SYSTEM32\IGFXDEV.DLL
C:\WINNT\SYSTEM32\IGFXSRVC.DLL
C:\WINNT\SYSTEM32\IGFXHK.DLL
C:\WINNT\SYSTEM32\IGFXRES.DLL

C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\DISTILLR\ACROTRAY.CHS

C:\WINNT\SOUNDMAN.EXE
C:\WINNT\SYSTEM32\INTERNAT.EXE
C:\DOCUMENTS AND SETTINGS\崔艳红1\桌面\RSDETECT.EXE

普通自启动项
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Internat.exe = INTERNAT.EXE


系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = %SystemRoot%\system32\NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> Word.Document.8 = "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde

其它启动项
WIN.INI
无信息

SYSTEM.INI
SHELL = Explorer.exe
SCRNSAVE.EXE = (无)


Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

IE - BHO

Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD Tcpip [UDP/IP] = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD Tcpip [RAW/IP] = C:\WINNT\SYSTEM32\MSAFD.DLL
RSVP UDP Service Provider = C:\WINNT\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINNT\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{0686DA94-D963-4D1A-A075-92DF2F2CCD53}] SEQPACKET 0 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{0686DA94-D963-4D1A-A075-92DF2F2CCD53}] DATAGRAM 0 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{EC061619-7ECE-423A-8B5C-663F204E862C}] SEQPACKET 1 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{EC061619-7ECE-423A-8B5C-663F204E862C}] DATAGRAM 1 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{9185B77E-259F-4677-B793-BFB8AAFD8926}] SEQPACKET 2 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{9185B77E-259F-4677-B793-BFB8AAFD8926}] DATAGRAM 2 = C:\WINNT\SYSTEM32\MSAFD.DLL

系统服务项

文件驱动

系统驱动项

The key thing is that after I reinstalled the system I didn't touch anything, and it still broke out on its own.

Download System Repair Engineer,
http://www.kztechs.com/sreng/download.html
1 Unzip sreng2.zip
2 Run SREng.exe
3 Smart Scan => Scan => Save Report
4 Copy the report from the log here in full, without modifying it

Switch to SRENG and scan for a log; otherwise, when you reinstall the system, choose to format the entire hard drive.

Bro, when I reinstalled the system I did choose a full-disk format.

2007-04-11,17:00:34

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件


启动项目


注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(Internat.exe)(internat.exe) [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(Synchronization Manager)(mobsync.exe /logon) [(Verified)Microsoft Windows 2000 Publisher]
(NvCplDaemon)(RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup) [(Verified)Microsoft Windows Hardware Compatibility Publisher]
(nwiz)(nwiz.exe /install) []
(NvMediaCenter)(RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit) [(Verified)Microsoft Windows Hardware Compatibility Publisher]
(TkBellExe)("C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot) [RealNetworks, Inc.]
(AutoRegC)(autoregc.exe) []
(kav)("C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe") [Kaspersky Lab]
(360Safetray)(C:\Program Files\360safe\safemon\360Tray.exe /start) [奇虎网]
(HDCSP RegCertTool)(C:\Program Files\95599 Certificate Tools\CIDC\RegCertTool.exe) [CIDC]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Windows 2000 Publisher]
(Userinit)(C:\WINNT\system32\userinit.exe,) [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
(WinlogonNotify: klogon)(C:\WINNT\system32\klogon.dll) [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
(Microsoft Windows Media Player)(C:\WINNT\system32\setup\wmpocm.exe /ShowWMP) [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
(SCRNSAVE.EXE)((无)) [N/A]




--------------------------------------------------------------------------------



启动文件夹

N/A



--------------------------------------------------------------------------------



服务

[卡巴斯基反病毒6.0 / AVP][Running/Auto Start]
(C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -r)(Kaspersky Lab)
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
(C:\WINNT\System32\dmadmin.exe /com)(VERITAS Software Corp.)
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
(C:\WINNT\system32\nvsvc32.exe)(NVIDIA Corporation)
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
(C:\WINNT\System32\svchost.exe -k netsvcs--)C:\WINNT\system32\mspmsnsv.dll)(Microsoft Corporation)



--------------------------------------------------------------------------------



驱动程序

[中国华大智能密码钥匙驱动程序 / CIDCUSB][Running/Manual Start]
(System32\Drivers\cidcusb.sys)(CIDC.)
[dmboot / dmboot][Stopped/Disabled]
(System32\drivers\dmboot.sys)(VERITAS Software Corp.)
[Logical Disk Manager Driver / dmio][Running/Boot Start]
(\SystemRoot\System32\drivers\dmio.sys)(VERITAS Software Corp.)
[dmload / dmload][Running/Boot Start]
(\SystemRoot\System32\drivers\dmload.sys)(VERITAS Software Corp.)
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
(\??\G:\INSTALL\GMSIPCI.SYS)(N/A)
[kl1 / kl1][Running/Boot Start]
(\SystemRoot\system32\drivers\kl1.sys)(Kaspersky Lab)
[klif / klif][Running/System Start]
(\??\C:\WINNT\system32\drivers\klif.sys)(Kaspersky Lab)
[MSICPL / MSICPL][Stopped/Manual Start]
(\??\G:\install4\MSICPL.sys)(N/A)
[NTACCESS / NTACCESS][Stopped/Manual Start]
(\??\G:\NTACCESS.sys)(N/A)
[nv / nv][Running/Manual Start]
(system32\DRIVERS\nv4_mini.sys)(NVIDIA Corporation)
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
(system32\DRIVERS\NVENETFD.sys)(NVIDIA Corporation)
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
(system32\DRIVERS\nvnetbus.sys)(NVIDIA Corporation)
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
(system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.)
[SetupNTGLM7X / SetupNTGLM7X][Stopped/Manual Start]
(\??\G:\NTGLM7X.sys)(N/A)
[CRW-Vu SCReader / WATCHKEY][Stopped/Auto Start]
(system32\DRIVERS\wdkey.SYS)(Beijing WatchData System Co., Ltd.)
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
(system32\DRIVERS\WSTCODEC.SYS)(Microsoft Corporation)



--------------------------------------------------------------------------------



浏览器加载项

[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} (C:\Program Files\360safe\safemon\safemon.dll, )
[Web反病毒保护]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} (C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab)
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} (, N/A)
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} (C:\WINNT\system32\msdxm.ocx, Microsoft Corporation)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINNT\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.)
[导出到 Microsoft Office Excel(&X)]
(res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A)

正在运行的进程

[PID: 196][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 220][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 240][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6970]
[C:\WINNT\system32\klogon.dll] [Kaspersky Lab, 6.0.0.299]
[PID: 268][C:\WINNT\system32\services.exe] [Microsoft Corporation, 5.00.2195.6700]
[C:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2195.6605.297.3]
[PID: 280][C:\WINNT\system32\lsass.exe] [Microsoft Corporation, 5.00.2195.6902]
[PID: 464][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 492][C:\WINNT\system32\spoolsv.exe] [Microsoft Corporation, 5.00.2195.7059]
[C:\WINNT\system32\EBPMON2.DLL] [SEIKO EPSON CORPORATION, 2, 20, 0, 0]
[PID: 964][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690]
[C:\WINNT\AppPatch\AcLayers.DLL] [Microsoft Corporation, 5.00.2195.6717]
[C:\Program Files\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\WINNT\system32\wmp.dll] [Microsoft Corporation, 9.00.00.3075]
[C:\WINNT\system32\wmploc.dll] [Microsoft Corporation, 9.00.00.2980]
[C:\WINNT\system32\wmvcore.dll] [Microsoft Corporation, 9.00.00.3265 (xpsp_sp2_qfe.061206-2330)]
[C:\WINNT\system32\wmidx.dll] [Microsoft Corporation, 9.00.00.2980]
[C:\WINNT\system32\WMASF.DLL] [Microsoft Corporation, 9.00.00.2980 built by: lab03_dev(bld4act)]
[C:\WINNT\system32\msdmo.dll] [, ]
[C:\WINNT\system32\wmnetmgr.dll] [Microsoft Corporation, 9.00.00.2980]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
[C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8168.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.304]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[PID: 1188][C:\WINNT\system32\RUNDLL32.EXE] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\NvMcTray.dll] [NVIDIA Corporation, 6.14.10.8186]
[C:\WINNT\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.8186]
[PID: 1216][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3018]
[PID: 1220][C:\WINNT\system32\autoregc.exe] [N/A, ]
[C:\WINNT\system32\WDCRWV.dll] [N/A, ]
[PID: 1244][C:\Program Files\360safe\safemon\360Tray.exe] [奇虎网, 3, 2, 1, 1001]
[C:\Program Files\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[C:\Program Files\360safe\safemon\SafeKrnl.dll] [奇虎网, 3, 2, 0, 1001]
[C:\Program Files\360safe\AntiAdwa.dll] [360Safe.com, 3, 2, 0, 1001]
[C:\Program Files\360safe\live.dll] [360safe.COM, 1, 0, 0, 1011]
[C:\WINNT\system32\msxml3.dll] [Microsoft Corporation, 8.50.2162.0]
[PID: 1252][C:\Program Files\95599 Certificate Tools\CIDC\RegCertTool.exe] [CIDC, 1, 0, 0, 10]
[PID: 1280][C:\WINNT\system32\internat.exe] [Microsoft Corporation, 5.00.2920.0000]
[C:\Program Files\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[PID: 976][C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE] [Microsoft Corporation, 11.0.6355]
[C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll] [Microsoft Corporation, 11.0.6360]
[C:\Program Files\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[C:\Program Files\Microsoft Office\OFFICE11\GdiPlus.DLL] [Microsoft Corporation, 6.0.3264.0]
[C:\PROGRA~1\MICROS~2\OFFICE11\ADDINS\SYMINPUT.DLL] [Microsoft Corporation, 1.02]
[C:\WINNT\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9690]
[C:\Program Files\Common Files\Microsoft Shared\office11\riched20.dll] [Microsoft Corporation, 5.50.99.2009]
[C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL] [Microsoft Corporation, 6.04.9972]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\offguard.dll] [Kaspersky Lab, 6.0.0.299]
[C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\2052\VBE6INTL.DLL] [Microsoft Corporation, 6.03.9070]
[C:\WINNT\system32\FM20.DLL] [Microsoft Corporation, 11.0.6254]
[C:\WINNT\system32\fm20CHS.DLL] [Microsoft Corporation, 11.0.5516]
[C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL] [Microsoft Corporation, 11.0.5510.0]
[C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\pkmws.dll] [Microsoft Corporation, 11.0.5510.0]
[C:\WINNT\system32\HD_CSP.dll] [N/A, ]
[C:\WINNT\system32\HD_InterFace.dll] [, 1, 1, 0, 1]
[C:\WINNT\system32\HD_Device.dll] [HED, 1, 0, 6, 0]
[C:\WINNT\system32\HD_TYHD.dll] [HED, 1, 0, 9, 0]
[C:\WINNT\system32\Cidcex.dll] [CIDC, 0, 2, 10, 81]
[C:\WINNT\system32\HD_HDCOS.dll] [HED, 1, 0, 1, 5]
[C:\WINNT\system32\HDIFD20B.dll] [CIDC., 1, 0, 17, 15]
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\UNIDRV.DLL] [Microsoft Corporation, 5.1.2600.1147 (xpsp2.021108-1929)]
[C:\WINNT\system32\PINTLGNT.IME] [Microsoft Corporation, 4.2.32]
[C:\WINNT\system32\winpy.ime] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\winzm.ime] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\winabc.ime] [Microsoft Corporation, 5.00.2195.6601]
[C:\Program Files\Microsoft Office\OFFICE11\msostyle.dll] [Microsoft Corporation, 11.0.5510]
[PID: 780][C:\WINNT\system32\conime.exe] [Microsoft Corporation, 5.00.2195.6655]
[C:\Program Files\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[PID: 380][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2800.1106]
[C:\Program Files\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
[C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8168.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.304]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
[C:\WINNT\system32\PINTLGNT.IME] [Microsoft Corporation, 4.2.32]
[C:\WINNT\system32\winpy.ime] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\winzm.ime] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\winabc.ime] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\msxml3.dll] [Microsoft Corporation, 8.50.2162.0]
[C:\WINNT\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL] [Microsoft Corporation, 11.0.5510]
[PID: 628][C:\Program Files\WinRAR\WinRAR.exe] [Eugene Roshal, 3.30]
[C:\Program Files\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[PID: 1440][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.375\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\Program Files\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]

文件关联

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]



--------------------------------------------------------------------------------



Winsock 提供者

N/A



--------------------------------------------------------------------------------



Autorun.inf

N/A



--------------------------------------------------------------------------------



HOSTS 文件

127.0.0.1 localhost



--------------------------------------------------------------------------------



API HOOK

RVA 错误: LoadLibraryA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xBD7CEB25)
RVA 错误: LoadLibraryExA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xBD7CED67)
RVA 错误: LoadLibraryExW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xBD7CEF0B)
RVA 错误: LoadLibraryW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xBD7CEC49)
入口点错误:CreateProcessA (危险等级: 一般, 被下面模块所HOOK: C:\Program Files\360safe\safemon\safemon.dll)
入口点错误:CreateProcessW (危险等级: 一般, 被下面模块所HOOK: C:\Program Files\360safe\safemon\safemon.dll)
RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: Dest Addr: 0xBD7CEE8F)



--------------------------------------------------------------------------------



隐藏进程

N/A



--------------------------------------------------------------------------------
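As an added example (not from the thread and not SREng's own code), a first triage pass over the report format requested in the steps above: it parses the SREng startup and process/module lines and lists the entries whose publisher field gives no assurance, which is where a responder reading a report like the one posted here would start. The regexes and the verified/named/unknown labels are this example's own; the sample input is a subset of the report posted above.

```python
import re
from typing import Dict, List

# SREng writes registry startup entries as "(name)(command) [publisher]" and
# process/module entries as "[PID: n][path] [company, version]" (a module
# line has no PID prefix). Regexes written for this example, not SREng's own.
RUN_ENTRY = re.compile(r"^\((?P<name>[^)]*)\)\((?P<command>.*?)\) \[(?P<publisher>[^\]]*)\]$")
MODULE_ENTRY = re.compile(r"^(?:\[PID: (?P<pid>\d+)\])?\[(?P<path>[^\]]+)\] \[(?P<info>.*)\]$")


def classify_publisher(field: str) -> str:
    """Map an SREng publisher/company field to 'verified', 'named' or 'unknown'."""
    field = field.strip()
    if field.startswith("(Verified)"):
        return "verified"   # SREng validated an Authenticode signature
    if field in ("", "N/A"):
        return "unknown"    # no version resource or no recognisable publisher
    return "named"          # a publisher string, but not signature-verified


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return startup, process and module entries whose publisher is unknown.

    'unknown' means 'look at this first', not 'malicious': legitimate
    drivers and tools often ship without version information too.
    Startup values with an empty command (e.g. "(load)() [N/A]") are unset
    registry values and are skipped.
    """
    flagged: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_ENTRY.match(line)
        if m:
            if m["command"] and classify_publisher(m["publisher"]) == "unknown":
                flagged.append({"kind": "startup", "name": m["name"], "item": m["command"]})
            continue
        m = MODULE_ENTRY.match(line)
        if m and classify_publisher(m["info"].split(",")[0]) == "unknown":
            kind = "process" if m["pid"] else "module"
            flagged.append({"kind": kind, "name": m["path"].rsplit("\\", 1)[-1], "item": m["path"]})
    return flagged


# Constructed sample: a subset of the SREng report posted in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(Synchronization Manager)(mobsync.exe /logon) [(Verified)Microsoft Windows 2000 Publisher]
(nwiz)(nwiz.exe /install) []
(TkBellExe)("C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot) [RealNetworks, Inc.]
(AutoRegC)(autoregc.exe) []
(kav)("C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe") [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() [N/A]
[PID: 1220][C:\WINNT\system32\autoregc.exe] [N/A, ]
[C:\WINNT\system32\WDCRWV.dll] [N/A, ]
[PID: 1244][C:\Program Files\360safe\safemon\360Tray.exe] [奇虎网, 3, 2, 1, 1001]
[C:\Program Files\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
"""

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry['kind']:8} {entry['name']:14} {entry['item']}")
```

On the sample this lists five entries to look at (two startup values, one process, two modules); whether each is a vendor tool without version data or something else is the human step that follows.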
Powered by Discuz!NT