
Could an expert take a look at this log? Thanks!

[CODE]

2007-02-09,16:12:32

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Corporation]
    <jiajiasr><D:\Program Files\jj4\jiajiasr.exe>  [加加工作组]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Corporation]
    <IgfxTray><C:\WINNT\system32\igfxtray.exe>  [(Verified)Intel Corporation]
    <HotKeysCmds><C:\WINNT\system32\hkcmd.exe>  [(Verified)Intel Corporation]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <AVP><"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
    <RfwMain><"d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><75976M.BMP>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINNT\system32\klogon.dll>  [Kaspersky Lab]

==================================
启动文件夹
N/A

==================================
服务
[Kaspersky Anti-Virus 6.0 / AVP][Running/Auto Start]
  <"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
  <d:\MICROS~1\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
  <d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
  <d:\MICROS~1\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <C:\WINNT\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Stopped/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\d:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IdeBusDr / IdeBusDr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
[Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Stopped/Auto Start]
  <\??\d:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139/810x Family Fast Etnernet NIC NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\R8139n5.SYS><Realtek Semiconductor Corporation>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <D:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[网页]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <d:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINNT\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[JatoolsPrinter Class]
  {B43D3361-D975-4BE2-87FE-057188254255} <C:\WINNT\Downloaded Program Files\jatoolsP.dll, jatools software co.,ltd>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[使用网际快车下载]
  <D:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <D:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
  <d:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <d:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <d:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 172][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 196][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 216][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
    [C:\WINNT\75976M.BMP]  [N/A, N/A]
    [C:\WINNT\system32\klogon.dll]  [Kaspersky Lab, 6.0.1.411]
[PID: 252][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
    [C:\WINNT\75976M.BMP]  [N/A, N/A]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 264][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
    [C:\WINNT\75976M.BMP]  [N/A, N/A]
[PID: 464][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\75976M.BMP]  [N/A, N/A]
[PID: 500][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
    [C:\WINNT\75976M.BMP]  [N/A, N/A]
[PID: 540][D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe]  [Kaspersky Lab, 6.0.1.411]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll]  [Kaspersky Lab, 6.0.1.411]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\FSSync.dll]  [Kaspersky Lab, 6.0.5.0]
    [C:\WINNT\75976M.BMP]  [N/A, N/A]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\AVPGS.PPL]  [Kaspersky Lab, 6.0.1.411]
Last edited 2007-02-09 18:08:04.827000000

[D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.1.411]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\winreg.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\tm.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\bl.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\wmihlpr.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\ndetect.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\crpthlpr.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\schedule.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\timer.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\thpimpl.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\lic60.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\report.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\hashmd5.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\avs.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\avpmgr.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\wdiskio.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\avlib.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\avspm.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp3info.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\og.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pdm.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\mc.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\oas.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\httpscan.ppl]  [Kaspersky Lab, 6.0.1.411]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klaveng.dll]  [N/A, N/A]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\sc.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\procmon.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\dtreg.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\prutil.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp1.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\l_llio.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\sfdb.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\ichk2.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\icheckersa.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\httpanlz.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\smtpprotocoller.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\trafficmonitor2.ppl]  [Kaspersky Lab, 6.0.1.411]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\CKAHUM.dll]  [Kaspersky Lab, 6.0.1.1]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\CKAHComm.dll]  [Kaspersky Lab, 6.0.1.1]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ckahrule.dll]  [Kaspersky Lab, 6.0.1.1]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\SSLEAY32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8c]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\LIBEAY32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8c]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pop3protocoller.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\imapprotocoller.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\nntpprotocoller.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\qb.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\hashcont.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\hccmp.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\uniarc.ppl]  [Kaspersky Lab, 6.0.0.16]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\minizip.ppl]  [Kaspersky Lab, 6.0.0.16]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\cab.ppl]  [Kaspersky Lab, 6.0.0.16]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\arj.ppl]  [Kaspersky Lab, 6.0.0.16]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\rar.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\lha.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\mdb.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\msoe.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\iwgen.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\updater2005.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\productinfo.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\updater.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\diff.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\base64p.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\updateinfo.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\updatecategory.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\updateobjectinfo.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\netsession.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\socket.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\httpsession.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\ntlm.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\base64.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\updateinstaller.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\baseinstaller.ppl]  [Kaspersky Lab, 6.0.1.411]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\execinstaller.ppl]  [Kaspersky Lab, 6.0.1.411]
[PID: 564][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\75976M.BMP]  [N/A, N/A]
[PID: 600][c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe]  [Microsoft Corporation, 2005.090.1399.00]
    [C:\WINNT\75976M.BMP]  [N/A, N/A]
[PID: 712][d:\MICROS~1\MSSQL\binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\WINNT\75976M.BMP]  [N/A, N/A]
[PID: 788][c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe]  [Microsoft Corporation, 2005.090.1399.00]
    [C:\WINNT\75976M.BMP]  [N/A, N/A]
[PID: 1012][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\75976M.BMP]  [N/A, N/A]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINNT\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,2082]
    [C:\WINNT\system32\igfxres.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINNT\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINNT\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,2082]
    [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [D:\PROGRA~1\FLASHGET\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll]  [Kaspersky Lab, 1.0.6.411]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.1.411]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll]  [Kaspersky Lab, 6.0.1.411]

<AppInit_DLLs><75976M.BMP> [N/A]
That's the culprit.
But Kaspersky has already dealt with it, so don't worry, you're safe now.

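Thanks.
Kaspersky hasn't actually dealt with it, has it?
Kaspersky's file monitoring and proactive defense won't start.
The virus is still there, isn't it??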

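1. Before disinfecting, turn off System Restore (this can be skipped on Windows 2000): right-click My Computer, Properties, System Restore, and tick "Turn off System Restore on all drives".
Clear IE's temporary files: open IE, click Tools --> Internet Options: under Temporary Internet files, click the "Delete Files" button, tick "Delete all offline content", and click OK to delete.
2. Edit the registry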
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><75976M.BMP>
<AppInit_DLLs><N/A> (delete 75976M.BMP)
3. Reboot into Safe Mode (press F8 at startup) and use PowerRMV to delete the following file:
[C:\WINNT\75976M.BMP]
Delete the following services:
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<C:\WINNT\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>
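
The cross-check behind the diagnosis in this thread, as an added example (not part of any post and not SREng's own code): it parses lines in the SREng format shown above, reads the AppInit_DLLs value, and lists the processes in which a module with that file name and no vendor information is loaded. The sample input is constructed from a few lines of the log; the function and field names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the SREng line format of the log above (not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><75976M.BMP>  [N/A]
[PID: 216][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
    [C:\WINNT\75976M.BMP]  [N/A, N/A]
    [C:\WINNT\system32\klogon.dll]  [Kaspersky Lab, 6.0.1.411]
[PID: 264][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
    [C:\WINNT\75976M.BMP]  [N/A, N/A]
[PID: 540][D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe]  [Kaspersky Lab, 6.0.1.411]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klaveng.dll]  [N/A, N/A]
    [C:\WINNT\75976M.BMP]  [N/A, N/A]
"""

APPINIT_KEY = r"\software\microsoft\windows nt\currentversion\windows"
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r"^<([^>]*)><(.*)>\s+\[(.*)\]$")
PROC_RE = re.compile(r"^\[PID: (\d+)\]\[.+?\]\s+\[.*\]$")
MODULE_RE = re.compile(r"^\[(.+?)\]\s+\[(.*)\]$")

def triage(log_text):
    """Correlate AppInit_DLLs entries with vendor-less modules loaded in processes."""
    key = pid = None
    entries = []                   # (value, vendor) read from the AppInit_DLLs value
    no_vendor = defaultdict(list)  # module path -> PIDs that have it loaded
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key, pid = m.group(1).lower(), None
        elif m := PROC_RE.match(line):
            key, pid = None, int(m.group(1))
        elif (m := VALUE_RE.match(line)) and key and key.endswith(APPINIT_KEY):
            name, value, vendor = m.groups()
            if name.lower() == "appinit_dlls" and value.strip():
                entries.append((value.strip(), vendor))
        elif (m := MODULE_RE.match(line)) and pid is not None:
            path, info = m.groups()
            if info.startswith("N/A"):
                no_vendor[path].append(pid)
    findings = []
    for value, vendor in entries:
        # The value is a space- or comma-separated list of file names.
        for name in filter(None, re.split(r"[ ,]+", value)):
            hits = {p: pids for p, pids in no_vendor.items()
                    if p.rsplit("\\", 1)[-1].lower() == name.lower()}
            findings.append({
                "entry": name,
                "vendor": vendor,
                "dll_extension": name.lower().endswith(".dll"),
                "loaded_in": hits,  # empty dict: listed but not seen loaded
            })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

An entry that is still present, or still mapped into processes, in a log taken after the cleanup steps means the registry value or the file has been written again.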

I deleted the registry entry yesterday and also deleted that bmp (from DOS), and today it's back again.

Kill it with PowerRMV. Tick "Suppress regeneration of the killed object" and click "Kill".

I deleted 75976M.bmp and the registry entry too, but as soon as I reboot,
C:\Documents and Settings\Administrator\Local Settings\Temp
another one shows up in there: au.exe; a couple of days ago it was az.exe.
Kaspersky sometimes warns that a program is downloading a trojan:
torjan_psw.win32.onlinegame.ew
and I blocked it.
Now I don't know where else the problem is...
This virus is so stubborn!!!!!!!!!!!!!!!!!!!!!!!!!

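Quote:
[logicl's post] 1. Before disinfecting, turn off System Restore (this can be skipped on Windows 2000): right-click My Computer, Properties, System Restore, and tick "Turn off System Restore on all drives".
Clear IE's temporary files: open IE, click Tools --> Internet Options: under Temporary Internet files, click the "Delete Files" button, tick "Delete all offline content", and click OK to delete.
2. Edit the registry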
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><75976M.BMP>
<AppInit_DLLs><N/A> (delete 75976M.BMP)
3. Reboot into Safe Mode (press F8 at startup) and use PowerRMV to delete the following file:
[C:\WINNT\75976M.BMP]
Delete the following services:
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<C:\WINNT\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>
………………



Do as this says..