版主和高手们请进，我快崩溃了，重装系统也搞掂不了（日志已付） - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛版主和高手们请进，我快崩溃了，重装系统也搞掂不了（日志已付）

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1

1 / 1 页

跳转页

版主和高手们请进，我快崩溃了，重装系统也搞掂不了（日志已付）

summersky123 初生襁褓狮帖子:52 注册: 2006-12-10 来自:	发表于： 2007-10-14 16:31 \| 只看楼主短消息资料字号：小中大 1楼版主和高手们请进，我快崩溃了，重装系统也搞掂不了（日志已付）我怀疑自己的电脑被人黑了，另外，按照置顶贴里的auto.exe病毒清理办法清理了很多次，我自问一步步按部就班的清除，但是过不了一会儿又来了最近这几天常被那些onlinegames木马和那些Win32.Troj.Unknown.a.176128骚扰，用正版金山和金山清理专家杀了，结果重启后，不到一会儿又出现了，另外清理专家发现upxdnd.exe等病毒，还有一些我忘记名字了，怎么弄也弄不好，我是不是被人监控了？还有一些特征就是用sreng扫描时候，提示Appinit_DLLS被修改，我看了一下，是那个winform.dll作怪，请问怎么解决呢？我真的崩溃了 [用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon) 2007-10-14 20:54:00
summersky123 初生襁褓狮帖子:52 注册: 2006-12-10 来自:	分享到：

summersky123 初生襁褓狮帖子:52 注册: 2006-12-10 来自:	发表于： 2007-10-14 16:31 \| 只看楼主短消息资料字号：小中大 2楼 [CODE] 2007-10-14,16:01:29 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联 Winsock 提供者 Autorun.inf HOSTS 文件进程特权扫描启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher] <KavPFW><"C:\KAV2007\KPFW32.EXE"> [Kingsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher] <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher] <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher] <KavStart><"C:\KAV2007\KAVStart.exe" -startup> [Kingsoft Corporation] <ThunderMini><d:\Program Files\Thunder Network\ThunderMini\ThunderMiniShell.exe> [] <Atomic Time Synchronizer><"D:\download\0801_mydown_5\Atomic[1].Time.Synchronizer\TimeSync.exe" /auto> [atsync.com] <KAVTool><"D:\IGM专杀\DubaTool_AV_Killer-v4.5\DubaTool_AV_Killer2.COM" noshow> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [(Verified)Microsoft Windows Publisher] <Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><winforms.dll> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{AEB6717E-7E19-11d0-97EE-00C04FD91974}><winforms.dll> [] ================================== 启动文件夹 N/A ================================== 服务 [938475AA / 938475AA][Stopped/] <2 - 系统找不到指定的文件。 ><N/A> [Human Interface Device Access / HidServ][Stopped/Disabled] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A> [Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start] <"C:\KAV2007\KPfwSvc.EXE"><Kingsoft Corporation> [Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start] <C:\KAV2007\KWatch.EXE><Kingsoft Corporation> ================================== 驱动程序 [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.> [VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Running/Manual Start] <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.> [KAVBase / KAVBase][Running/Auto Start] <\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation> [KNetWch / KNetWch][Running/System Start] <\??\C:\KAV2007\KNetWch.SYS><Kingsoft Corporation> [KWatch3 / KWatch3][Running/System Start] <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation> [nv / nv][Running/Manual Start] <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.> [Secdrv / Secdrv][Stopped/Manual Start] <system32\DRIVERS\secdrv.sys><N/A> [ViaIde / ViaIde][Running/Boot Start] <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation> [KAVBootC / KAVBootC][Running/Boot Start] <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
summersky123 初生襁褓狮帖子:52 注册: 2006-12-10 来自:

summersky123 初生襁褓狮帖子:52 注册: 2006-12-10 来自:	发表于： 2007-10-14 16:31 \| 只看楼主短消息资料字号：小中大 3楼 ================================== 浏览器加载项 [CBrowseStakeout Class] {55302805-482E-470E-8A57-6795A1487F90} <C:\KAV2007\KAVAFish.DLL, Kingsoft Corporation> [ThunderMini Browser Helper] {8E6C1C49-F9CE-4311-9FB4-D70E8B0AEAEB} <d:\Program Files\Thunder Network\ThunderMini\ComDlls\XunLeiMiniBHO_001.dll, Thunder Networking Technologies,LTD> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation> [CBrowseStakeout Class] {55302805-482E-470E-8A57-6795A1487F90} <C:\KAV2007\KAVAFish.DLL, Kingsoft Corporation> [ThunderMini Browser Helper] {8E6C1C49-F9CE-4311-9FB4-D70E8B0AEAEB} <d:\Program Files\Thunder Network\ThunderMini\ComDlls\XunLeiMiniBHO_001.dll, Thunder Networking Technologies,LTD> [&使用迷你迅雷下载] <d:\Program Files\Thunder Network\ThunderMini\Program\GetUrl.htm, N/A> [金山毒霸反钓鱼...] <C:\KAV2007\KAF\ShowSet.htm, N/A> ================================== 正在运行的进程 [PID: 552 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 628 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 652 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\winforms.dll] [N/A, ] [PID: 696 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\winforms.dll] [N/A, ] [PID: 708 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\winforms.dll] [N/A, ] [PID: 860 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\winforms.dll] [N/A, ] [PID: 928 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\winforms.dll] [N/A, ] [PID: 1028 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\System32\winforms.dll] [N/A, ] [PID: 1076 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\winforms.dll] [N/A, ] [PID: 1116 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\winforms.dll] [N/A, ] [PID: 1492 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\winforms.dll] [N/A, ] [PID: 1640 / summer-sky][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\winforms.dll] [N/A, ] [C:\KAV2007\KMailOEBand.DLL] [Kingsoft Corporation, 2006, 12, 1, 139] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241] [d:\Program Files\Thunder Network\ThunderMini\ComDlls\XunLeiMiniBHO_001.dll] [Thunder Networking Technologies,LTD, 2, 0, 0, 1] [PID: 624 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)] [C:\WINDOWS\system32\winforms.dll] [N/A, ] [PID: 1836 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1020 / summer-sky][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\winforms.dll] [N/A, ] [C:\KAV2007\KMailOEBand.DLL] [Kingsoft Corporation, 2006, 12, 1, 139] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241] [PID: 1424 / summer-sky][D:\Program Files\Thunder Network\ThunderMini\program\ThunderMini.exe] [Thunder Networking Technologies,LTD, 2, 0, 0, 29] [C:\KAV2007\KMailOEBand.DLL] [Kingsoft Corporation, 2006, 12, 1, 139] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [D:\Program Files\Thunder Network\ThunderMini\program\download_interface.dll] [N/A, ] [D:\Program Files\Thunder Network\ThunderMini\program\UpdateDownload.dll] [Thunder Networking Technologies,LTD, 1, 0, 1, 6] [d:\Program Files\Thunder Network\ThunderMini\Components\InMedia\iEmbedShell.dll] [　, 1, 0, 0, 6] [d:\Program Files\Thunder Network\ThunderMini\Components\InMedia\iEmbed.dll] [　, 2, 1, 0, 30] [C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241] [C:\WINDOWS\system32\winforms.dll] [N/A, ] [PID: 2636 / summer-sky][D:\Program Files\BitComet\BitComet.exe] [www.BitComet.com, 0.62.] [D:\Program Files\BitComet\dbghelp.dll] [Microsoft Corporation, 6.3.0011.3 (DbgBuild.040120-1256)] [C:\WINDOWS\system32\winforms.dll] [N/A, ] [C:\KAV2007\KMailOEBand.DLL] [Kingsoft Corporation, 2006, 12, 1, 139] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241] [PID: 1196 / summer-sky][D:\IGM专杀\SR_teyqiu.com] [Smallfrogs Studio, 2.5.16.900] [C:\WINDOWS\system32\winforms.dll] [N/A, ] [C:\KAV2007\KMailOEBand.DLL] [Kingsoft Corporation, 2006, 12, 1, 139] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\KAV2007\KASocket.dll] [Kingsoft Corporation, 2007, 3, 18, 241]
summersky123 初生襁褓狮帖子:52 注册: 2006-12-10 来自:

summersky123 初生襁褓狮帖子:52 注册: 2006-12-10 来自:	发表于： 2007-10-14 16:32 \| 只看楼主短消息资料字号：小中大 4楼 ================================== 文件关联 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %] .COM OK. ["%1" %] .PIF OK. ["%1" %] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %] .SCR OK. ["%1" /S] .CHM Error. ["hh.exe" %1] .HLP Error. [winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 127.0.0.1 localhost ================================== 进程特权扫描特殊特权被允许： SeLoadDriverPrivilege [PID = 1424, D:\PROGRAM FILES\THUNDER NETWORK\THUNDERMINI\PROGRAM\THUNDERMINI.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 2636, D:\PROGRAM FILES\BITCOMET\BITCOMET.EXE] ================================== API HOOK 入口点错误：LoadLibraryExW (危险等级: 高, 被下面模块所HOOK: C:\KAV2007\KASocket.dll) ================================== 隐藏进程 N/A ================================== [/CODE]
summersky123 初生襁褓狮帖子:52 注册: 2006-12-10 来自:

summersky123 初生襁褓狮帖子:52 注册: 2006-12-10 来自:	发表于： 2007-10-14 18:11 \| 只看楼主短消息资料字号：小中大 5楼顶一下，望高手帮忙
summersky123 初生襁褓狮帖子:52 注册: 2006-12-10 来自:

newcenturymoon 社区嘉宾帖子:15158 注册: 2005-08-03 来自:	发表于： 2007-10-14 18:18 \| 短消息资料字号：小中大 6楼 C:\WINDOWS\system32\winforms.dll重命名重启计算机后删除文件
newcenturymoon 社区嘉宾帖子:15158 注册: 2005-08-03 来自:

summersky123 初生襁褓狮帖子:52 注册: 2006-12-10 来自:	发表于： 2007-10-14 21:04 \| 只看楼主短消息资料字号：小中大 7楼问题已经得到解决了，真诚谢谢版主大人帮忙
summersky123 初生襁褓狮帖子:52 注册: 2006-12-10 来自:

<<上一主题|下一主题>>

1

1 / 1 页

跳转页

页面顶部

Powered by Discuz!NT