1   1  /  1  页   跳转

[求助] 请大侠协助,我又中毒了!

收藏
dzf210
头像
初生襁褓狮
  • 帖子:40
  • 注册: 2008-08-14
  • 来自:
发表于: 2008-08-29 19:15 | 只看楼主 短消息 资料
字号: 1楼

请大侠协助,我又中毒了!

这个该死的.
扫描日志的 以及19# 我都有

用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

附件附件:

文件名:SREngLOG.log
下载次数:118
文件类型:application/octet-stream
文件大小:
上传时间:2008-8-29 19:15:26
描述:log
分享到:
gototop
 
超级游戏迷
头像
卡卡技术团队
  • 帖子:25779
  • 注册: 2007-01-14
  • 来自:
卡卡名人堂论坛9周年纪念瑞星金牌用户
发表于: 2008-08-29 19:51 | 短消息 资料
字号: 2楼

回复: 请大侠协助,我又中毒了!

注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <HBService><explore.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><mcromv.dll johandy.dll aotoppt.dll biroas.dll comboaus.dll wllame.dll lensch.dll,aaa.dll,HBmhly.dll,erxycloe.dll>  [N/A](此项应将值项值修改为空,不能直接删除值项)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{0B846B26-BFE6-4E8E-A948-1DB17B77B483}><C:\WINDOWS\system32\tdfhex.dll>  [N/A]
    <{2876D76C-CAAA-4313-AF97-8D1D9A2A1087}><C:\WINDOWS\system32\dpvvoxmh.dll>  []
    <{76D44356-B494-443a-BEDC-AA68DE4255E6}><C:\WINDOWS\system32\dispexcb.dll>  []
    <{2CB77746-8ECC-40ca-8217-10CA8BE5EFC8}><C:\WINDOWS\system32\tscfgwmijxsj.dll>  []
    <{71A78CD4-E470-4a18-8457-E0E0283DD507}><C:\WINDOWS\system32\lweurqhx.dll>  []
    <{F0930A2F-D971-4828-8209-B7DFD266ED44}><C:\WINDOWS\system32\xolehlpjh.dll>  []
    <{A2C3BA54-DF75-4881-8EB3-E54B26BBBBC9}><C:\WINDOWS\system32\nwapi32dj.dll>  []
    <{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}><C:\WINDOWS\system32\cliconfgzx.dll>  []
    <{DA56B183-A731-402b-9235-2CB8803E212D}><C:\WINDOWS\system32\imgutilhx2.dll>  []
    <{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}><C:\WINDOWS\system32\jsbpjbnz.dll>  []
    <{D3112B69-A745-4805-874E-ABD480EA1299}><C:\WINDOWS\system32\bootvidgj.dll>  []
    <{48691221-F05C-4AB4-B9D0-50D6D36CC27F}><C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Sys>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <mvmdp><C:\WINDOWS\system32\hqhyk.dll>  []
    <dpvvoxmh.dll><C:\WINDOWS\system32\dpvvoxmh.dll>  []
    <rcdugenl.dll><C:\WINDOWS\system32\jsbpjbnz.dll>  []
    <dispexcb.dll><C:\WINDOWS\system32\dispexcb.dll>  []
    <tscfgwmijxsj.dll><C:\WINDOWS\system32\tscfgwmijxsj.dll>  []
    <cliconfgzx.dll><C:\WINDOWS\system32\cliconfgzx.dll>  []
    <lweurqhx.dll><C:\WINDOWS\system32\lweurqhx.dll>  []
    <imgutilhx2.dll><C:\WINDOWS\system32\imgutilhx2.dll>  []
    <xolehlpjh.dll><C:\WINDOWS\system32\xolehlpjh.dll>  []
    <nwapi32dj.dll><C:\WINDOWS\system32\nwapi32dj.dll>  []
    <bootvidgj.dll><C:\WINDOWS\system32\bootvidgj.dll>  []
    <jsbpjbnz.dll><C:\WINDOWS\system32\jsbpjbnz.dll>  []
==================================
驱动程序
[FNDRV / FNDRV][Stopped/Manual Start]
  <\??\F:\fndrv.sys><N/A>
[XPROTECTOR / XPROTECTOR][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\Xprotector.sys><N/A>
[HBKernel Driver / HBKernel][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\HBKernel.sys><N/A>
==================================
浏览器加载项
[]
  {48691221-F05C-4AB4-B9D0-50D6D36CC27F} <C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Sys, N/A>
[]
  {48691221-F05C-4AB4-B9D0-50D6D36CC27F} <C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Sys, N/A>
==================================
正在运行的进程
[C:\WINDOWS\system32\fzn\svchost.exe] 
[C:\WINDOWS\system32\aotopptk.exe]  (不知道是什么东西)
[C:\WINDOWS\system32\explore.exe] 
[C:\WINDOWS\system32\HBmhly.dll] 
[C:\WINDOWS\system32\erxycloe.dll] 
[C:\WINDOWS\system32\jsbpjbnz.dll] 
[C:\WINDOWS\system32\bootvidgj.dll] 
[C:\WINDOWS\system32\imgutilhx2.dll]
[C:\WINDOWS\system32\cliconfgzx.dll] 
[C:\WINDOWS\system32\nwapi32dj.dll] 
[C:\WINDOWS\system32\xolehlpjh.dll] 
[C:\WINDOWS\system32\lweurqhx.dll] 
[C:\WINDOWS\system32\tscfgwmijxsj.dll] 
[C:\WINDOWS\system32\dispexcb.dll] 
[C:\WINDOWS\system32\dpvvoxmh.dll] 
==================================
HOSTS 文件
192.168.100.76  infosvr1
192.168.100.71  haiernetserver
192.168.100.126 bxmailserver
192.168.100.39  hrmailserver
192.168.99.227  acmailserver
192.168.100.73 itmailserver
192.168.63.250  mjmailserver
192.168.66.247  commmailserver
192.168.21.1    zsmailserver
192.168.100.32  cwmailserver
192.168.100.75  hrserver
192.168.17.3 hdzhsserver
192.168.99.228  lodmserver
192.168.27.2    hwbxserver
192.168.99.226  xyjmailsvr
192.168.100.85 zhongshserver
192.168.99.171 hwtmailserver
192.168.175.2 hfhrserver
192.168.100.74 vpnsvr1
192.168.100.77 vpnserver
192.168.171.6 dlmailsvr
192.168.14.1 hdmailserver
192.168.100.81 webmailserver
192.168.100.78  qdmailserver1
192.168.100.79  hrnetserver
192.168.99.171    hwtwebserver
192.168.31.1    cqlmailserver
192.168.100.72  hrmailserver1
192.168.100.95  infosvr2
192.168.249.1  zqhrmailserver
192.168.100.196 infosvr3
192.168.100.129 haiermailserver
192.168.100.229 hrmailserver2
192.168.100.223 hrmailserver3
192.168.100.87  haierpt
192.168.100.117 jnmailserver
192.168.100.92  hrnetsvr
192.168.100.211 hrportal
192.168.99.220  haiernetserverc
192.168.99.221  hrnetserverc
192.168.99.222  hrmailserverc
192.168.99.223  haiermailserverc
192.168.99.224  hrportalc
192.168.99.225  hrsmtp
192.168.99.229 qdmailserver2
192.168.99.70  plmmcsg
192.168.99.71  hrplm01
192.168.99.72    hrplm02
==================================
API HOOK(检查一下,看什么进程hook了此API)
入口点错误:CreateServiceA (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0x001354AC)
==================================
最后编辑超级游戏迷 最后编辑于 2008-08-29 19:52:13
打酱油的……
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT