瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 【求助】病毒怎么都杀不尽, 内附hijack 和SrengLog 日志 求高手解决

12   1  /  2  页   跳转

【求助】病毒怎么都杀不尽, 内附hijack 和SrengLog 日志 求高手解决

收藏
如影随行1
头像
初生襁褓狮
  • 帖子:50
  • 注册: 2006-10-11
  • 来自:
发表于: 2006-10-11 18:32 | 只看楼主 短消息 资料
字号: 1楼

【求助】病毒怎么都杀不尽, 内附hijack 和SrengLog 日志 求高手解决

开始发现wbem下有winlogon,system下有mekem.exe 文件,删除,进安全模式,正常,用金山和瑞星维金软件均查不到病毒,正常启动,AVAST发现不断有访问外部网站,并有病毒,杀不掉,avast是最新的病毒库,无奈,再重启,进正常模式,用金山和瑞星维金软件均查不到病毒,在C盘发现许多数字形式的exe文件,D盘,E盘均有_desktop文件.还是不断有莫名网站跳出

Svchost也太多!

Logfile of HijackThis v1.99.1
Scan saved at 17:58:43, on 2006-10-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\桌面\tools virus\HijackThis.exe

R3 - URLSearchHook: IE Toolbar - {04C7B109-8162-A0D6-B186-DBE176064A3E} - C:\PROGRA~1\EQISOT~1\eqiso.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: IEMonitor Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\Program Files\DeskAdTop\deskipn.dll
O2 - BHO: (no name) - {FE32DECF-06AD-426E-9F53-3018A366B5AE} - C:\WINDOWS\system32\sys32version.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IMSCMig] ; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [pdfFactory Pro 分配器 v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /runonce
O4 - HKLM\..\Run: [C:\setupcmd.exe] C:\setupcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: systeem - Unknown owner - C:\WINDOWS\G_Server1.23.exe

最后编辑2006-10-12 13:10:10
分享到:
gototop
 
如影随行1
头像
初生襁褓狮
  • 帖子:50
  • 注册: 2006-10-11
  • 来自:
发表于: 2006-10-11 18:33 | 只看楼主 短消息 资料
字号: 2楼

2006-10-11,18:00:24

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <SoundMAXPnP><C:\Program Files\Analog Devices\Core\smax4pnp.exe>  [Analog Devices, Inc.]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [Intel Corporation]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [Intel Corporation]
    <avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe>  []
    <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [Microsoft Corporation]
    <pdfFactory Pro 分配器 v2><"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /runonce>  [FinePrint Software, LLC]
    <C:\setupcmd.exe><C:\setupcmd.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]

==================================
启动文件夹
服务
[avast! iAVS4 Control Service / aswUpdSv]
  <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><N/A>
[avast! Antivirus / avast! Antivirus]
  <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><N/A>
[avast! Mail Scanner / avast! Mail Scanner]
  <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner]
  <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[systeem / systeem]
  <C:\WINDOWS\G_Server1.23.exe><N/A>

==================================
浏览器加载项
[IEMonitor Class]
  {08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\Program Files\DeskAdTop\deskipn.dll, >
[]
  {FE32DECF-06AD-426E-9F53-3018A366B5AE} <C:\WINDOWS\system32\sys32version.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[IEMonitor Class]
  {08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\Program Files\DeskAdTop\deskipn.dll, >
[Microsoft 外壳 UI 帮助程序]
  {64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[]
  {FE32DECF-06AD-426E-9F53-3018A366B5AE} <C:\WINDOWS\system32\sys32version.dll, N/A>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 364][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 592][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 616][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 660][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 672][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 824][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 888][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 984][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1024][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1184][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1432][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\Program Files\Alwil Software\Avast4\ashShell.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\DeskAdTop\fshook.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\sys32version.dll]  <N/A><N/A>
[PID: 1504][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\fppmon2.dll]  <FinePrint Software, LLC><2.10>
    [C:\WINDOWS\system32\fppr232.dll]  <FinePrint Software, LLC><2.10>
[PID: 1664][C:\Program Files\Analog Devices\Core\smax4pnp.exe]  <Analog Devices, Inc.><5, 2, 0, 5>
    [C:\Program Files\Analog Devices\Core\SMWDMIF.dll]  <Analog Devices, Inc.><5, 2, 0, 012>
    [C:\WINDOWS\system32\EDCrypt.DLL]  <Analog Devices Incorporated><1.0.0.8>
[PID: 1680][C:\WINDOWS\system32\hkcmd.exe]  <Intel Corporation><3.0.0.3889>
    [C:\WINDOWS\system32\hccutils.DLL]  <Intel Corporation><3.0.0.3889>
    [C:\WINDOWS\system32\igfxdev.dll]  <Intel Corporation><3.0.0.3889>
    [C:\WINDOWS\system32\igfxsrvc.dll]  <Intel Corporation><3.0.0.3889>
    [C:\WINDOWS\system32\igfxhk.dll]  <Intel Corporation><3.0.0.3889>
    [C:\WINDOWS\system32\igfxres.dll]  <Intel Corporation><3.0.0.3889>
[PID: 1688][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe]  <N/A><5, 0, 0, 0>
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ChineseS\Lang.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll]  <ALWIL Software><4, 7, 889, 0>
    [c:\program files\alwil software\avast4\ahruistd.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll]  <Codejock Software><1, 9, 4, 0>
    [c:\program files\alwil software\avast4\ahruiws.dll]  <ALWIL Software><4, 7, 889, 0>
    [c:\program files\alwil software\avast4\ahruijs.dll]  <N/A><4, 7, 889, 0>
    [c:\program files\alwil software\avast4\ahruimai.dll]  <ALWIL Software><4, 7, 889, 0>
    [c:\program files\alwil software\avast4\ahruimes.dll]  <ALWIL Software><4, 7, 889, 0>
    [c:\program files\alwil software\avast4\ahruins.dll]  <ALWIL Software><4, 7, 889, 0>
    [c:\program files\alwil software\avast4\ahruiout.dll]  <ALWIL Software><4, 7, 889, 0>
    [c:\program files\alwil software\avast4\ahruip2p.dll]  <ALWIL Software><4, 7, 889, 0>
gototop
 
如影随行1
头像
初生襁褓狮
  • 帖子:50
  • 注册: 2006-10-11
  • 来自:
发表于: 2006-10-11 18:33 | 只看楼主 短消息 资料
字号: 3楼

[PID: 1708][C:\WINDOWS\system32\rundll32.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\DeskAdTop\Run.dll]  <><1, 0, 0, 1>
    [C:\Program Files\DeskAdTop\fshook.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  <ALWIL Software><4, 7, 889, 0>
[PID: 1732][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 240][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  <ALWIL Software><4, 7, 889, 0>
[PID: 296][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe]  <N/A><N/A>
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  <ALWIL Software><4, 7, 889, 0>
[PID: 308][C:\Program Files\Alwil Software\Avast4\ashServ.exe]  <N/A><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll]  <ALWIL Software><4, 7, 892, 0>
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswInteg.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswIdle.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL]  <N/A><N/A>
    [C:\Program Files\Alwil Software\Avast4\AhResStd.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\AhResWS.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\AhResJs.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\AhResMai.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ahResMes.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\AhResNS.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\AhResOut.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ahResP2P.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll]  <ALWIL Software><4, 6, 763, 0>
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  <ALWIL Software><4, 7, 889, 0>
[PID: 464][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 948][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1152][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ashUInt.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\XT1922.dll]  <Codejock Software><1, 9, 4, 0>
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\AhResMai.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll]  <ALWIL Software><4, 7, 892, 0>
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ChineseS\Lang.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ChineseS\langmai.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  <ALWIL Software><4, 7, 889, 0>
[PID: 1356][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll]  <ALWIL Software><4, 7, 892, 0>
[PID: 1868][c:\windows\system32\wbem\winlogon.exe]  <Microsoft><1.0.0.0>
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  <ALWIL Software><4, 7, 889, 0>
[PID: 1316][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3868][C:\WINDOWS\system32\wuauclt.exe]  <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 496][C:\WINDOWS\system32\rundll32.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\DeskAdTop\Run.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\DeskAdTop\fshook.dll]  <><1, 0, 0, 1>
[PID: 2988][C:\Documents and Settings\Owner\桌面\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\DeskAdTop\fshook.dll]  <><1, 0, 0, 1>
[PID: 3000][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\DeskAdTop\fshook.dll]  <><1, 0, 0, 1>
    [C:\Program Files\DeskAdTop\deskipn.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\sys32version.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  <Adobe Systems, Inc.><9,0,16,0>
[PID: 3228][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\DeskAdTop\deskipn.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\sys32version.dll]  <N/A><N/A>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================
gototop
 
xp123
头像
初生襁褓狮
  • 帖子:1151
  • 注册: 2006-06-14
  • 来自:
发表于: 2006-10-11 18:38 | 短消息 资料
字号: 4楼

O23 - Service: systeem - Unknown owner - C:\WINDOWS\G_Server1.23.exe

O2 - BHO: (no name) - {FE32DECF-06AD-426E-9F53-3018A366B5AE} - C:\WINDOWS\system32\sys32version.dll
R3 - URLSearchHook: IE Toolbar - {04C7B109-8162-A0D6-B186-DBE176064A3E} - C:\PROGRA~1\EQISOT~1\eqiso.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
有些奇怪
gototop
 
如影随行1
头像
初生襁褓狮
  • 帖子:50
  • 注册: 2006-10-11
  • 来自:
发表于: 2006-10-12 12:41 | 只看楼主 短消息 资料
字号: 5楼

此为进安全模式下的日志


006-10-12,12:03:59

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\windows\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><C:\windows\rundl132.exe> []
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<SoundMAXPnP><C:\Program Files\Analog Devices\Core\smax4pnp.exe> [N/A]
<IgfxTray><C:\WINDOWS\system32\igfxtray.exe> [(Verified)Intel Corporation]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Intel Corporation]
<avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)N/A]
<IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<pdfFactory Pro 分配器 v2><"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /runonce> [FinePrint Software, LLC]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\windows\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Corporation]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Corporation]
<WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Corporation]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Corporation]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\System32\logon.scr> [(Verified)Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[avast! iAVS4 Control Service / aswUpdSv]
<"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><N/A>
[avast! Antivirus / avast! Antivirus]
<"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><N/A>
[avast! Mail Scanner / avast! Mail Scanner]
<"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner]
<"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>

==================================
驱动程序
[avast! Asynchronous Virus Monitor / Aavmker4]
<C:\windows\SYSTEM32\DRIVERS\Aavmker4.SYS><ALWIL Software>
[avast! Standard Shield Support / aswMon2]
<C:\windows\SYSTEM32\DRIVERS\aswMon2.SYS><ALWIL Software>
[aswRdr / aswRdr]
<C:\windows\SYSTEM32\DRIVERS\aswRdr.SYS><ALWIL Software>
[avast! Network Shield Support / aswTdi]
<C:\windows\SYSTEM32\DRIVERS\aswTdi.SYS><ALWIL Software>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp]
<system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[cmswpy49 / cmswpy49]
<\??\C:\WINDOWS\system32\drivers\cmswpy49.sys><Microsoft Corporation>
[ialm / ialm]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[OMCI / OMCI]
<\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS><Dell Computer Corporation>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[senfilt / senfilt]
<system32\drivers\senfilt.sys><Creative Technology Ltd.>
[uamlif18 / uamlif18]
<\??\C:\WINDOWS\system32\drivers\uamlif18.sys><Microsoft Corporation>

==================================
浏览器加载项
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[eqiso Toolbar]
{B7D3E479-CC68-42B5-A338-938ECE35F419} <C:\Program Files\EqisoToolbar\eqiso.dll, N/A>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[使用网际快车下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 132][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 188][\??\C:\windows\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 212][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 256][C:\windows\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 268][C:\windows\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 400][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 464][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 520][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 728][C:\windows\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows\system32\msdmo.dll] [N/A, N/A]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\Program Files\Alwil Software\Avast4\ashShell.dll] [ALWIL Software, 4, 7, 889, 0]
[PID: 960][C:\windows\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1084][C:\Documents and Settings\Owner\桌面\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\windows\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
gototop
 
如影随行1
头像
初生襁褓狮
  • 帖子:50
  • 注册: 2006-10-11
  • 来自:
发表于: 2006-10-12 12:43 | 只看楼主 短消息 资料
字号: 6楼

Winlogon的问题不在了,又出现新的问题

2006-10-12,12:18:56

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\windows\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><C:\PROGRA~1\svhost32.exe> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<SoundMAXPnP><C:\Program Files\Analog Devices\Core\smax4pnp.exe> [(Verified)Analog Devices, Inc.]
<IgfxTray><C:\WINDOWS\system32\igfxtray.exe> [(Verified)Intel Corporation]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Intel Corporation]
<avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)N/A]
<IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<pdfFactory Pro 分配器 v2><"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /runonce> [FinePrint Software, LLC]
<Tray><C:\windows\command\rundll32.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\windows\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[avast! iAVS4 Control Service / aswUpdSv]
<"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><N/A>
[avast! Antivirus / avast! Antivirus]
<"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><N/A>
[avast! Mail Scanner / avast! Mail Scanner]
<"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner]
<"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>

==================================
驱动程序
[avast! Asynchronous Virus Monitor / Aavmker4]
<C:\windows\SYSTEM32\DRIVERS\Aavmker4.SYS><ALWIL Software>
[avast! Standard Shield Support / aswMon2]
<C:\windows\SYSTEM32\DRIVERS\aswMon2.SYS><ALWIL Software>
[aswRdr / aswRdr]
<C:\windows\SYSTEM32\DRIVERS\aswRdr.SYS><ALWIL Software>
[avast! Network Shield Support / aswTdi]
<C:\windows\SYSTEM32\DRIVERS\aswTdi.SYS><ALWIL Software>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp]
<system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[cmswpy49 / cmswpy49]
<\??\C:\WINDOWS\system32\drivers\cmswpy49.sys><Microsoft Corporation>
[ialm / ialm]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[OMCI / OMCI]
<\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS><Dell Computer Corporation>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[senfilt / senfilt]
<system32\drivers\senfilt.sys><Creative Technology Ltd.>
[uamlif18 / uamlif18]
<\??\C:\WINDOWS\system32\drivers\uamlif18.sys><Microsoft Corporation>

==================================
浏览器加载项
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[eqiso Toolbar]
{B7D3E479-CC68-42B5-A338-938ECE35F419} <C:\Program Files\EqisoToolbar\eqiso.dll, N/A>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[使用网际快车下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 364][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 592][\??\C:\windows\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 616][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 660][C:\windows\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 672][C:\windows\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 824][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 888][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 980][C:\windows\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1028][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1136][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1484][C:\windows\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows\system32\fppmon2.dll] [FinePrint Software, LLC, 2.10]
[C:\windows\system32\fppr232.dll] [FinePrint Software, LLC, 2.10]
[PID: 1504][C:\windows\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows\system32\tdll.dll] [N/A, N/A]
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 889, 0]
[PID: 1672][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.3889]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3889]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.3889]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3889]
[C:\WINDOWS\system32\igfxhk.dll] [Intel Corporation, 3.0.0.3889]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.3889]
[C:\windows\system32\tdll.dll] [N/A, N/A]
[PID: 1680][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [N/A, 5, 0, 0, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\ChineseS\Lang.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\windows\system32\tdll.dll] [N/A, N/A]
[c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
[c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 889, 0]
[c:\program files\alwil software\avast4\ahruijs.dll] [N/A, 4, 7, 889, 0]
[c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 889, 0]
[c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 889, 0]
[c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 889, 0]
[c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 889, 0]
[c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 889, 0]
gototop
 
如影随行1
头像
初生襁褓狮
  • 帖子:50
  • 注册: 2006-10-11
  • 来自:
发表于: 2006-10-12 12:43 | 只看楼主 短消息 资料
字号: 7楼

[C:\windows\system32\dllwm.dll] [N/A, N/A]
[PID: 1696][C:\windows\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows\system32\tdll.dll] [N/A, N/A]
[PID: 1920][C:\windows\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows\system32\tdll.dll] [N/A, N/A]
[PID: 1984][C:\windows\1Sy.exe] [N/A, N/A]
[C:\windows\system32\tdll.dll] [N/A, N/A]
[PID: 148][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [N/A, N/A]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 889, 0]
[PID: 164][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [N/A, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 892, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] [N/A, N/A]
[C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\AhResJs.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 6, 763, 0]
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\aswRes.dll] [ALWIL Software, 4, 7, 889, 0]
[PID: 468][C:\Program Files\svhost32.exe] [N/A, N/A]
[C:\windows\system32\dllwm.dll] [N/A, N/A]
[C:\windows\system32\tdll.dll] [N/A, N/A]
[PID: 576][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1300][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 892, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\ChineseS\Lang.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\ChineseS\langmai.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 889, 0]
[PID: 1316][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 892, 0]
[PID: 2176][C:\windows\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2456][C:\windows\system32\wuauclt.exe] [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 2616][C:\windows\system32\wuauclt.exe] [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 889, 0]
[PID: 2644][C:\Documents and Settings\Owner\桌面\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 889, 0]
[C:\windows\system32\tdll.dll] [N/A, N/A]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\windows\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
gototop
 
如影随行1
头像
初生襁褓狮
  • 帖子:50
  • 注册: 2006-10-11
  • 来自:
发表于: 2006-10-12 12:55 | 只看楼主 短消息 资料
字号: 8楼

进安全模式后没有任何操作,在进安全模式前试图用Icesword 模块分析找到explore.exe 中的dll.dll中断,然后删除,结果未果

解决2个winlogon问题后,短时正常,后avast报告发现病毒,并有访问外部网站病毒

2006-10-10 12:15:37Owner160Sign of "Win32:Trojano-DF [Trj]" has been found in "c:\program files\3721\ske\wmpns.dll" file. 
2006-10-10 13:59:42Owner460Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\WINDOWS\system32\mssv132.exe" file. 
2006-10-10 14:02:10Owner460Sign of "Win32:Agent-BRC [Trj]" has been found in "C:\WINDOWS\Setup_YH0017.exe\[ASPack]" file. 
2006-10-10 14:07:00Owner460Sign of "Win32:QQpass-BM [Trj]" has been found in "C:\Program Files\Internet Explorer\PLUGINS\system16.sys\[UPX]" file. 
2006-10-10 14:07:16Owner460Sign of "Win32:Lmir-BI [Trj]" has been found in "C:\Program Files\Internet Explorer\boot3.exe\[NsPack]" file. 
2006-10-10 14:09:48Owner460Sign of "Win32:Spyware-gen. [Trj]" has been found in "C:\Program Files\SearchCar\SearchCar.dll" file. 
2006-10-10 14:11:14Owner460Sign of "Win32:Trojano-DF [Trj]" has been found in "C:\Program Files\3721\ske\wmpns.dll" file. 
2006-10-10 14:11:20Owner460Sign of "Win32:Trojano-DF [Trj]" has been found in "C:\Program Files\3721\ske\wmpns.cab\wmpns.dll" file. 
2006-10-10 14:11:25Owner460Sign of "Win32:Trojano-DF [Trj]" has been found in "C:\Program Files\3721\ske\snpmw.dll" file. 
2006-10-10 15:28:11Owner1948Sign of "Win32:StartPage-189 [Trj]" has been found in "C:\Documents and Settings\Owner\桌面\RegClean.com" file. 
2006-10-11 9:04:10SYSTEM192Sign of "Win32:Agent-BQC [Trj]" has been found in "C:\Program Files\ProcView32\cnnic.exe" file. 
2006-10-11 9:10:03SYSTEM192Sign of "Win32:Delf-YQ [Trj]" has been found in "http://www.wangyou315.com/xiazai/down.exe" file. 
2006-10-11 11:14:47SYSTEM292Sign of "Win32:Lineage-318 [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IV5LD5WU\rxjh[1].exe\[UPX]" file. 
2006-10-11 11:15:43SYSTEM292Sign of "Win32:Lineage-318 [Trj]" has been found in "C:\WINDOWS\1Sy.exe\[UPX]" file. 
2006-10-11 11:16:17SYSTEM292Sign of "Win32:Delf-YQ [Trj]" has been found in "http://www.wangyou315.com/xiazai/down.exe" file. 
2006-10-11 11:32:37SYSTEM292Sign of "Win32:QQpass-X [Trj]" has been found in "C:\WINDOWS\system32\msdll.dll" file. 
2006-10-11 11:32:45SYSTEM292Sign of "Win32:Lineage-351 [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MNZTSSPG\wm[1].exe\[Upack]" file. 
2006-10-11 11:34:17SYSTEM292Sign of "Win32:Lineage-351 [Trj]" has been found in "C:\WINDOWS\4Sy.exe\[Upack]" file. 
2006-10-11 11:34:17SYSTEM292Sign of "Win32:Lineage-351 [Trj]" has been found in "C:\WINDOWS\4Sy.exe\[Upack]" file. 
2006-10-11 11:39:01SYSTEM308Sign of "Win32:QQpass-X [Trj]" has been found in "C:\WINDOWS\system32\msdll.dll" file. 
2006-10-11 11:41:30SYSTEM308Sign of "Win32:QQpass-X [Trj]" has been found in "C:\WINDOWS\system32\msdll.dll" file. 
2006-10-11 11:41:41SYSTEM308Sign of "Win32:QQpass-X [Trj]" has been found in "C:\WINDOWS\system32\msdll.dll" file. 
2006-10-11 11:41:44SYSTEM308Sign of "Win32:QQpass-X [Trj]" has been found in "C:\WINDOWS\system32\msdll.dll" file. 
2006-10-11 11:42:55SYSTEM308Sign of "Win32:QQpass-X [Trj]" has been found in "C:\WINDOWS\system32\msdll.dll" file. 
2006-10-11 13:33:15Owner1976Sign of "Win32:Downloader-CR [Trj]" has been found in "c:\documents and settings\owner\桌面\trojan.psw.misc.gen专杀.exe\[ASPack]" file. 
2006-10-11 13:43:35Owner1600Sign of "Win32:Agent-BRC [Trj]" has been found in "C:\WINDOWS\Setup_YH0017.exe\[ASPack]" file. 
2006-10-11 15:34:52Owner388Sign of "Win32:Lineage-318 [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CDQ74D2V\rxjh[1].exe\[UPX]" file. 
2006-10-11 15:35:06Owner388Sign of "Win32:Netsky-AF [Wrm]" has been found in "传入邮件 'Mail Delivery (failure wj@rufn88.com)' 起: jrpark@poskom.co.kr, 止: wj@rufn88.com\message.scr#3326862776" file. 
2006-10-11 15:35:18Owner388Sign of "Win32:Netsky-AF [Wrm]" has been found in "传入邮件 'Mail Delivery (failure wj@rufn88.com)' 起: slcksh@foa.go.kr, 止: wj@rufn88.com\message.scr#3326862776" file. 
2006-10-11 15:37:55Owner388Sign of "Win32:Lineage-318 [Trj]" has been found in "C:\WINDOWS\1Sy.exe\[UPX]" file. 
2006-10-11 15:38:49Owner388Sign of "Win32:Lineage-318 [Trj]" has been found in "C:\WINDOWS\1Sy.exe\[UPX]" file. 
2006-10-11 15:39:20Owner388Sign of "Win32:Plunix-D [Trj]" has been found in "C:\Documents and Settings\Owner\桌面\tools virus\灰鸽子清除器B3.exe\[NsPack]" file. 
2006-10-11 15:40:14Owner388Sign of "Win32:Downloader-CR [Trj]" has been found in "C:\Documents and Settings\Owner\桌面\tools virus\Trojan.PSW.Misc.Gen专杀.exe\[ASPack]" file. 
2006-10-11 17:19:56SYSTEM224Sign of "Win32:Small-CAW [Trj]" has been found in "http://ma.98joy.com/40143.exe" file. 
2006-10-11 17:20:14SYSTEM224Sign of "Win32:Tiny-BT [Trj]" has been found in "http://www.9000music.com/a/a.exe" file. 
gototop
 
如影随行1
头像
初生襁褓狮
  • 帖子:50
  • 注册: 2006-10-11
  • 来自:
发表于: 2006-10-12 12:56 | 只看楼主 短消息 资料
字号: 9楼

2006-10-11 15:35:06Owner388Sign of "Win32:Netsky-AF [Wrm]" has been found in "传入邮件 'Mail Delivery (failure wj@rufn88.com)' 起: jrpark@poskom.co.kr, 止: wj@rufn88.com\message.scr#3326862776" file. 
2006-10-11 15:35:18Owner388Sign of "Win32:Netsky-AF [Wrm]" has been found in "传入邮件 'Mail Delivery (failure wj@rufn88.com)' 起: slcksh@foa.go.kr, 止: wj@rufn88.com\message.scr#3326862776" file. 
2006-10-11 15:37:55Owner388Sign of "Win32:Lineage-318 [Trj]" has been found in "C:\WINDOWS\1Sy.exe\[UPX]" file. 
2006-10-11 15:38:49Owner388Sign of "Win32:Lineage-318 [Trj]" has been found in "C:\WINDOWS\1Sy.exe\[UPX]" file. 
2006-10-11 15:39:20Owner388Sign of "Win32:Plunix-D [Trj]" has been found in "C:\Documents and Settings\Owner\桌面\tools virus\灰鸽子清除器B3.exe\[NsPack]" file. 
2006-10-11 15:40:14Owner388Sign of "Win32:Downloader-CR [Trj]" has been found in "C:\Documents and Settings\Owner\桌面\tools virus\Trojan.PSW.Misc.Gen专杀.exe\[ASPack]" file. 
2006-10-11 17:19:56SYSTEM224Sign of "Win32:Small-CAW [Trj]" has been found in "http://ma.98joy.com/40143.exe" file. 
2006-10-11 17:20:14SYSTEM224Sign of "Win32:Tiny-BT [Trj]" has been found in "http://www.9000music.com/a/a.exe" file. 
2006-10-11 17:20:19SYSTEM224Sign of "Win32:Wow-AK [Trj]" has been found in "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\QLIVBME8\dll1[1].exe\[FSG]" file. 
2006-10-11 17:22:23SYSTEM224Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\VFX4ZMKM\dll2[1].exe" file. 
2006-10-11 17:22:26SYSTEM224Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\G9YRW5EJ\dll2[1].exe" file. 
2006-10-11 17:22:35SYSTEM224Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\C5YZCXQB\dll4[1].exe" file. 
2006-10-11 17:22:37SYSTEM224Sign of "Win32:Wow-AK [Trj]" has been found in "C:\Program Files\Internet Explorer\dll1.exe\[FSG]" file. 
2006-10-11 17:22:41SYSTEM224Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Program Files\Internet Explorer\dll2.exe" file. 
2006-10-11 17:22:44SYSTEM224Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Program Files\Internet Explorer\dll4.exe" file. 
2006-10-11 17:22:46SYSTEM224Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\G9YRW5EJ\dll2[1].exe" file. 
2006-10-11 17:22:46SYSTEM224Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Program Files\Internet Explorer\dll4.exe" file. 
2006-10-11 17:22:47SYSTEM224Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Program Files\Internet Explorer\dll2.exe" file. 
2006-10-11 17:22:47SYSTEM224Sign of "Win32:MianCrypt-gen [Trj]" has been found in "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\QLIVBME8\dll5[1].exe" file. 
2006-10-11 17:23:01SYSTEM224Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Program Files\Internet Explorer\dll2.exe" file. 
2006-10-11 17:23:06SYSTEM224Sign of "Win32:MianCrypt-gen [Trj]" has been found in "C:\Program Files\Internet Explorer\dll5.exe" file. 
2006-10-11 17:23:18SYSTEM224Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Program Files\Internet Explorer\dll4.exe" file. 
2006-10-11 17:23:22SYSTEM224Sign of "Win32:MianCrypt-gen [Trj]" has been found in "C:\Program Files\Internet Explorer\dll5.exe" file. 
2006-10-11 18:44:00Owner3436Sign of "Win32:Lineage-318 [Trj]" has been found in "C:\WINDOWS\1Sy.exe\[UPX]" file. 
2006-10-11 18:48:46Owner3436Sign of "Win32:Downloader-CR [Trj]" has been found in "C:\Documents and Settings\Owner\桌面\tools virus\LSASS专杀.rar\Trojan.PSW.Misc.Gen专杀.exe\[ASPack]" file. 
2006-10-11 19:25:17SYSTEM232Sign of "Win32:Small-CAW [Trj]" has been found in "C:\windows\system32\drivers\etcdriver\bind_40123.exe" file. 
2006-10-11 21:22:27SYSTEM200Sign of "Win32:Small-CAW [Trj]" has been found in "http://ma.98joy.com/40143.exe" file. 
2006-10-11 21:22:43SYSTEM200Sign of "Win32:Tiny-BT [Trj]" has been found in "http://www.9000music.com/a/a.exe" file. 
2006-10-11 21:22:47SYSTEM200Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\SLYZK1EV\dll2[2].exe" file. 
2006-10-11 21:22:59SYSTEM200Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\SLYZK1EV\dll2[1].exe" file. 
2006-10-11 21:23:03SYSTEM200Sign of "Win32:Wow-AK [Trj]" has been found in "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\KGA9VTCC\dll1[1].exe\[FSG]" file. 
2006-10-11 21:23:56SYSTEM200Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Program Files\Internet Explorer\dll2.exe" file. 
2006-10-11 21:23:58SYSTEM200Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\89MJWDU7\dll4[1].exe" file. 
2006-10-11 21:24:00SYSTEM200Sign of "Win32:Wow-AK [Trj]" has been found in "C:\Program Files\Internet Explorer\dll1.exe\[FSG]" file. 
2006-10-11 21:24:02SYSTEM200Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Program Files\Internet Explorer\dll2.exe" file. 
2006-10-11 21:24:03SYSTEM200Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Program Files\Internet Explorer\dll4.exe" file. 
2006-10-11 21:24:32SYSTEM200Sign of "Win32:Wow-AK [Trj]" has been found in "C:\Program Files\Internet Explorer\dll1.exe\[FSG]" file. 
2006-10-11 21:24:37SYSTEM200Sign of "Win32:MianCrypt-gen [Trj]" has been found in "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\KGA9VTCC\dll5[1].exe" file. 
2006-10-11 21:24:37SYSTEM200Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Program Files\Internet Explorer\dll4.exe" file. 
2006-10-11 21:24:37SYSTEM200Sign of "Win32:MianCrypt-gen [Trj]" has been found in "C:\Program Files\Internet Explorer\dll5.exe" file. 
2006-10-11 21:24:37SYSTEM200Sign of "Win32:MianCrypt-gen [Trj]" has been found in "C:\Program Files\Internet Explorer\dll5.exe" file. 
2006-10-11 21:24:37SYSTEM200Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Program Files\Internet Explorer\dll2.exe" file. 
2006-10-11 21:24:37SYSTEM200Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Program Files\Internet Explorer\dll4.exe" file. 
2006-10-11 21:24:37SYSTEM200Sign of "Win32:MianCrypt-gen [Trj]" has been found in "C:\Program Files\Internet Explorer\dll5.exe" file. 
2006-10-12 10:58:38SYSTEM2008Sign of "Win32:Netsky-AF [Wrm]" has been found in "传入邮件 'Mail Delivery (failure wj@rufn88.com)' 起: lola@sexnet.com, 止: wj@rufn88.com\message.scr#3326862776" file. 
2006-10-12 11:05:40SYSTEM2008Sign of "Win32:Lineage-318 [Trj]" has been found in "http://www.wmsjsf.com/image/rxjh.exe\[UPX]" file. 
2006-10-12 11:05:54SYSTEM2008Sign of "Win32:Lineage-351 [Trj]" has been found in "http://www.wmsjsf.com/image/wm.exe\[Upack]" file. 
2006-10-12 12:06:24SYSTEM164Sign of "Win32:QQpass-X [Trj]" has been found in "C:\windows\system32\dllwm.dll" file. 
2006-10-12 12:17:22SYSTEM164Sign of "Win32:Lineage-351 [Trj]" has been found in "C:\progra~1\svhost32.exe\[Upack]" file. 
2006-10-12 12:18:48SYSTEM164Sign of "Win32:Lineage-318 [Trj]" has been found in "C:\WINDOWS\1SY.EXE\[UPX]" file. 
gototop
 
mopery
头像
卡卡技术团队
  • 帖子:17737
  • 注册: 2005-12-06
  • 来自:New York
卡卡名人堂论坛9周年纪念
发表于: 2006-10-12 13:17 | 短消息 资料
字号: 10楼

O23 - Service: systeem - Unknown owner - C:\WINDOWS\G_Server1.23.exe
灰鸽子..安全模式...打开注册表编辑器,展开:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
搜索 systeem 删除...
删除
C:\WINDOWS\G_Server1.23.exe

修复
O2 - BHO: (no name) - {FE32DECF-06AD-426E-9F53-3018A366B5AE} - C:\WINDOWS\system32\sys32version.dll
O4 - HKLM\..\Run: [C:\setupcmd.exe] C:\setupcmd.exe
删除
C:\WINDOWS\system32\sys32version.dll
C:\setupcmd.exe
gototop
 
<<上一主题|下一主题>>
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT