瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 中了几个病毒 老清不干净 带日志

1   1  /  1  页   跳转

中了几个病毒 老清不干净 带日志

收藏
修罗冷风
头像
拙长孩提狮
  • 帖子:105
  • 注册: 2006-04-26
  • 来自:
发表于: 2008-05-25 14:06 | 只看楼主 短消息 资料
字号: 1楼

中了几个病毒 老清不干净 带日志

[CODE]
2008-05-25,13:48:35
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <360Antiarp><C:\Program Files\360safe\antiarp\antiarp.exe /start>  [奇虎网]
    <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
==================================
启动文件夹
N/A
==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <D:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
  <C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe -i MSSQLSERVER><Microsoft Corporation>
==================================
驱动程序
[360AntiArp / 360AntiArp][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD Processor Driver / AmdK8][Running/System Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[atiide / atiide][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\atiide.sys><ATI Technologies Inc.>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
  <system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[mv61xx / mv61xx][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\mv61xx.sys><Marvell Semiconductor, Inc.>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[sysHostSvc / sysHostSvc][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\GuiHelp.sys><Microsoft Corporation>
[VIA AGP Filter / viaagp1][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[VIAMRAID / VIAMRAID][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[QQToolbar]
  {29CF293A-1E7D-4069-9E11-E39698D0AF95} <C:\Program Files\Tencent\QQToolbar\IEBar.dll, TENCENT>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 奇虎网>
[快捷工具条3.21]
  {BE830FD4-E393-417F-9F4B-CC70ABB3384C} <C:\WINDOWS\system32\IETool.dll, >
[QQToolbar]
  {29CF293A-1E7D-4069-9E11-E39698D0AF95} <C:\Program Files\Tencent\QQToolbar\IEBar.dll, TENCENT>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[QQToolbar]
  {29CF293A-1E7D-4069-9E11-E39698D0AF95} <C:\Program Files\Tencent\QQToolbar\IEBar.dll, TENCENT>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 奇虎网>
[快捷工具条3.21]
  {BE830FD4-E393-417F-9F4B-CC70ABB3384C} <C:\WINDOWS\system32\IETool.dll, >
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[SrchHook Class]
  {F08555B0-9CC3-11D2-AA8E-000000000000} <C:\WINDOWS\system32\IEBHO.dll, N/A>
[使用迅雷下载]
  <D:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
==================================

用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GreenBrowser)
分享到:
gototop
 
修罗冷风
头像
拙长孩提狮
  • 帖子:105
  • 注册: 2006-04-26
  • 来自:
发表于: 2008-05-25 14:07 | 只看楼主 短消息 资料
字号: 2楼

回复: 中了几个病毒 老清不干净 带日志

==================================
正在运行的进程
[PID: 540 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 616 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 648 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4175]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 692 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 704 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 844 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4176]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2512]
    [C:\WINDOWS\system32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2522]
[PID: 884 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 968 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1064 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1116 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1260 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1376 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4176]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2512]
    [C:\WINDOWS\system32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2522]
    [C:\WINDOWS\system32\ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4175]
[PID: 1516 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1628 / SYSTEM][D:\Program Files\StormII\stormliv.exe]  [北京暴风网际科技有限公司, 3, 8, 3, 15]
    [D:\Program Files\StormII\MSVCP60.dll]  [Microsoft Corporation, 6.02.3104.0]
[PID: 1664 / SYSTEM][C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRA~1\MICROS~4\MSSQL\binn\opends60.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlsort.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\PROGRA~1\MICROS~4\MSSQL\binn\ums.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\PROGRA~1\MICROS~4\MSSQL\binn\Resources\2052\sqlevn70.RLL]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\binn\SSNETLIB.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\PROGRA~1\MICROS~4\MSSQL\binn\SSmsLPCn.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\PROGRA~1\MICROS~4\MSSQL\binn\SSnmPN70.dll]  [Microsoft Corporation, 2000.080.2039.00]
[PID: 200 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1164 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 4, 0, 3, 1003]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 17]
    [D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 61]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 1580 / Administrator][C:\Program Files\360safe\antiarp\antiarp.exe]  [奇虎网, 2, 0, 0, 1004]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 4, 0, 3, 1003]
[PID: 1648 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 4, 0, 3, 1003]
[PID: 2564 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 4, 0, 3, 1003]
[PID: 2388 / Administrator][D:\Program Files\iSpeak\iSpeak.exe]  [上海勤和互联网技术软件开发有限公司, 5, 0, 8, 125]
    [D:\Program Files\iSpeak\MxUtilities.dll]  [上海勤和互联网技术软件开发有限公司, 5, 0, 8, 27]
    [D:\Program Files\iSpeak\Emoticon.DLL]  [上海勤和互联网技术软件开发有限公司, 5, 0, 8, 27]
    [D:\Program Files\iSpeak\MixWave.dll]  [上海勤和互联网技术软件开发有限公司, 5, 0, 8, 27]
    [D:\Program Files\iSpeak\MxAudio.dll]  [上海勤和互联网技术软件开发有限公司, 5, 0, 8, 125]
    [D:\Program Files\iSpeak\MxProtocol.dll]  [上海勤和互联网技术软件开发有限公司, 5, 0, 8, 125]
    [D:\Program Files\iSpeak\MxChannel.dll]  [上海勤和互联网技术软件开发有限公司, 5, 0, 8, 27]
    [D:\Program Files\iSpeak\MxSocket.dll]  [N/A, ]
    [D:\Program Files\iSpeak\imUpdate.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 4, 0, 3, 1003]
    [D:\Program Files\iSpeak\iSActiveX.ocx]  [上海勤和互联网技术软件开发有限公司, 5, 0, 8, 27]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\imaadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msg711.acm]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msgsm32.acm]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 4844 / Administrator][C:\WINDOWS\system32\cmd.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1544 / Administrator][C:\WINDOWS\system32\ping.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5708 / Administrator][F:\CNTOOL v1.3.exe]  [N/A, ]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 4, 0, 3, 1003]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 5620 / Administrator][F:\完美世界\element\elementclient.exe]  [N/A, ]
    [F:\完美世界\element\zlibwapi.dll]  [, 1.2.2]
    [F:\完美世界\element\ElementSkill.dll]  [N/A, ]
    [F:\完美世界\element\SpeedTreeRT.dll]  [N/A, ]
    [F:\完美世界\element\FTDriver.dll]  [N/A, ]
    [F:\完美世界\element\ImmWrapper.dll]  [N/A, ]
    [F:\完美世界\element\IFC22.dll]  [Immersion Corporation, 2.2.8]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 4, 0, 3, 1003]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 356 / Administrator][F:\完美世界\element\reportbugs\pwprotector.exe]  [N/A, ]
[PID: 3264 / Administrator][D:\Program Files\Tencent\QQ\QQ.exe]  [TENCENT, 8,0,777,1805]
    [D:\Program Files\Tencent\QQ\QQBaseClassInDll.dll]  [TENCENT, 8,0,777,1805]
    [D:\Program Files\Tencent\QQ\QQHelperDll.dll]  [TENCENT, 8,0,777,1805]
    [D:\Program Files\Tencent\QQ\BasicCtrlDll.dll]  [TENCENT, 8,0,777,1805]
    [D:\Program Files\Tencent\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 4, 0, 3, 1003]
    [D:\Program Files\Tencent\QQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [D:\Program Files\Tencent\QQ\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [D:\Program Files\Tencent\QQ\QQAPI.dll]  [TENCENT, 8,0,777,1805]
    [D:\Program Files\Tencent\QQ\LoginCtrl.dll]  [TENCENT, 8,0,777,1805]
    [D:\Program Files\Tencent\QQ\LoginCtrlRes.dll]  [TENCENT, 8,0,777,1805]
    [D:\Program Files\Tencent\QQ\QQRes.dll]  [TENCENT, 8,0,776,1805]
    [D:\Program Files\Tencent\QQ\QQMainFrame.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\Tencent\QQ\QQPlugin.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ\UnReadMsgMgr.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ\CQQApplication.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [D:\Program Files\Tencent\QQ\NewSkin.dll]  [TENCENT, 8,0,777,1805]
    [D:\Program Files\Tencent\QQ\MailSummary.dll]  [TENCENT, 8,0,777,1805]
    [D:\Program Files\Tencent\QQ\QQSpace.dll]  [TENCENT, 8,0,777,1805]
    [D:\Program Files\Tencent\QQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [D:\Program Files\Tencent\QQ\QQKnowledgeSearch.dll]  [TENCENT, 8,0,777,1805]
    [D:\Program Files\Tencent\QQ\OEMApplication.dll]  [TENCENT, 8,0,777,1805]
    [D:\Program Files\Tencent\QQ\QQGroupMng.dll]  [TENCENT, 8,0,777,1805]
    [D:\Program Files\Tencent\QQ\UserDefinedHead.dll]  [TENCENT, 8,0,777,1805]
    [D:\Program Files\Tencent\QQ\QQAllInOne.dll]  [TENCENT, 8,0,777,1805]
    [D:\Program Files\Tencent\QQ\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
    [D:\Program Files\Tencent\QQ\CameraDll.dll]  [TENCENT, 8,0,777,1805]
    [D:\Program Files\Tencent\QQ\QQCustomFace.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\Program Files\Tencent\QQ\QQPet.dll]  [TENCENT, 8,0,777,1805]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\Tencent\QQ\QRingMng.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ\QQSysMsgMng.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ\QQConfigPlugin.dll]  [TENCENT, 8,0,777,1805]
    [D:\Program Files\Tencent\QQ\ImageOle.dll]  [TENCENT, 8,0,777,1805]
    [D:\Program Files\Tencent\QQ\QQLiveQMng.dll]  [TENCENT, 8,0,777,1805]
    [D:\Program Files\Tencent\QQ\QQMagicFace.dll]  [TENCENT, 8,0,777,1805]
    [D:\Program Files\Tencent\QQ\QQSceneMng.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ\QQAvatar.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ\LongConnection.dll]  [TENCENT, 8,0,777,1805]
    [D:\Program Files\Tencent\QQ\PhoneAPI.dll]  [TENCENT, 8,0,777,1805]
    [D:\Program Files\Tencent\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [D:\Program Files\Tencent\QQ\GroupConnection.dll]  [TENCENT, 8,0,777,1805]
    [D:\Program Files\Tencent\QQ\BQQApplication.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ\CommercesMng.dll]  [TENCENT, 8,0,777,1805]
    [D:\Program Files\Tencent\QQ\PersonalDesktop.dll]  [TENCENT, 8,0,777,1805]
    [D:\Program Files\Tencent\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 330]
    [D:\Program Files\Tencent\QQ\VqqModule.dll]  [TENCENT, 8,0,777,1805]
    [D:\Program Files\Tencent\QQ\VqqAllInOne.dll]  [Tencent, 2, 1, 0, 0]
    [D:\Program Files\Tencent\QQ\tencent-proto1.dll]  [tencent, 2, 1, 0, 0]
    [D:\Program Files\Tencent\QQ\tencent-comlib.dll]  [tencent, 2, 1, 0, 0]
    [D:\Program Files\Tencent\QQ\tencent-proto2.dll]  [tencent, 2, 1, 0, 0]
    [D:\Program Files\Tencent\QQ\InPlus.dll]  [Tencent, 2, 1, 0, 0]
    [D:\Program Files\Tencent\QQ\AddrSearch.dll]  [腾讯科技(深圳)有限公司, 2, 2, 1, 15]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [D:\Program Files\Tencent\QQ\QQFileTransfer.dll]  [TENCENT, 8,0,777,1805]
[PID: 1324 / Administrator][D:\Program Files\Tencent\QQ\TXPlatform.exe]  [Tencent, 1, 0, 170, 0]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 4, 0, 3, 1003]
[PID: 2796 / Administrator][D:\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 4, 0, 3, 1003]
    [D:\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1  yu.8s7.net
127.0.0.1  1.jopanqc.com
127.0.0.1  2.joppnqq.com
127.0.0.1  wg.47255.com
127.0.0.1  1.joppnqq.com
127.0.0.1  xxx.m111.biz
127.0.0.1  1.jopenqc.com
127.0.0.1  1.jopenkk.com
127.0.0.1  xxx.vh7.biz
127.0.0.1  xxx.j41m.com
127.0.0.1  3.joppnqq.com
127.0.0.1  d.93se.com
127.0.0.1  www.868wg.com
127.0.0.1  xxx.mmma.biz
127.0.0.1  ilove.com
127.0.0.1  tp.shpzhan.cn
127.0.0.1  www.tomwg.com
127.0.0.1  www.cike007.cn
127.0.0.1  www.22aaa.com
127.0.0.1  xx.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  new.749571.com
127.0.0.1  xtx.kv8.info
127.0.0.1  cao.kv8.info
127.0.0.1  1.jopmmqq.com
127.0.0.1  171817.171817.com
127.0.0.1  d2.llsging.com
127.0.0.1  down.malasc.cn
127.0.0.1  llboss.com
127.0.0.1  nx.51ylb.cn
127.0.0.1  my.531jx.cn
127.0.0.1  qqq.dzydhx.com
127.0.0.1  qqq.hao1658.com
127.0.0.1  www.333292.com
127.0.0.1  down.18dd.net
127.0.0.1  up.22x44.com
127.0.0.1  aaa.faba01.com
127.0.0.1  bad.tqdlt.cn
127.0.0.1  1.chsipo.com
127.0.0.1  c3.aishangai.net
127.0.0.1  c2.aishangai.net
127.0.0.1  xxx.188dm.com
127.0.0.1  x2.1a2b3c1.com
127.0.0.1  d1.163500.net
127.0.0.1  down.google-serv.cn
127.0.0.1  idc.windowsupdeta.cn
127.0.0.1  nc.mskess.com
127.0.0.1  ok.sl8cjs.cn
127.0.0.1  dl.pvs360.com
127.0.0.1  ta.pvs360.com
127.0.0.1  cw.pvs360.com
127.0.0.1  fg.pvs360.com
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 648, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1580, C:\PROGRAM FILES\360SAFE\ANTIARP\ANTIARP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2388, D:\PROGRAM FILES\ISPEAK\ISPEAK.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 5708, F:\CNTOOL V1.3.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 5620, F:\完美世界\ELEMENT\ELEMENTCLIENT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 356, F:\完美世界\ELEMENT\REPORTBUGS\PWPROTECTOR.EXE]
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
gototop
 
天月来了
头像
版主
  • 帖子:76904
  • 注册: 2007-02-06
  • 来自:
发表于: 2008-05-25 14:39 | 短消息 资料
字号: 3楼

回复:中了几个病毒 老清不干净 带日志

详细病毒文件名和路径
百年以后,你的墓碑旁 刻着的名字不是我
gototop
 
修罗冷风
头像
拙长孩提狮
  • 帖子:105
  • 注册: 2006-04-26
  • 来自:
发表于: 2008-05-25 23:02 | 只看楼主 短消息 资料
字号: 4楼

回复: 中了几个病毒 老清不干净 带日志

360安全卫士木马查杀历史报告
木马名称:Win32.Lovgate.R@mm
路径:F:\System Volume Information\_restore{5828498B-E212-48E2-B40C-3D66645342F0}\RP29\A0003403.pif
查杀时间 :2008-05-25 03:30
木马名称:Infostealer/Win32.Bzup
路径:C:\System Volume Information\_restore{5828498B-E212-48E2-B40C-3D66645342F0}\RP31\A0006015.dll
查杀时间 :2008-05-25 03:30
木马名称:Infostealer/Win32.Bzup
路径:C:\System Volume Information\_restore{5828498B-E212-48E2-B40C-3D66645342F0}\RP29\A0003962.dll
查杀时间 :2008-05-25 03:30
木马名称:Infostealer/Win32.Bzup
路径:C:\WINDOWS\system32\IEBHO.dll
查杀时间 :2008-05-25 02:02
gototop
 
sako
头像
社区嘉宾
  • 帖子:7496
  • 注册: 2007-10-16
  • 来自:遥远的地方
发表于: 2008-05-26 07:02 | 短消息 资料
字号: 5楼

回复:中了几个病毒 老清不干净 带日志

关闭系统还原

官网下载费尔木马强力清除助手,勾选“抑制文件再生”删除。
http://dl.filseclab.com/down/powerrmv.zip
C:\WINDOWS\system32\IEBHO.dll


到安全模式下全盘查杀,清理电脑
下载清理系统临时文件和IE临时文件夹工具,全选所有项目,点击“立即清理”清理系统
http://www.atribune.org/public-beta/ATF-Cleaner.exe
下载arswp(Windows清理助手)清理下..
http://www.arswp.com/download/arswp/arswp.rar


ok
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT