Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software section

[Help] Hit by a stubborn virus! Can't paste, can't open second-level web pages

Today a machine at my company got infected. It runs XP. The person using it had their QQ account stolen and asked me to clean the virus. The symptoms I saw are as follows:
1. First scanned with 360, which found several hundred account-stealing trojans.
2. Drives D, E and F each have a hidden sss.exe; after I delete it, it comes back. Probably every drive is infected.
3. I originally wanted to reinstall the system and move the data off the C drive, but copy and paste don't work. When looking things up online, pages whose address I type in open fine, but links on a page won't open.
4. "Local Area Connection" has disappeared from My Network Places.
5. Can't open Windows Explorer.
6. Nothing shows in the taskbar. That is, if you have 3 browser windows open, you can't see a single one of them in the taskbar.

I'm asking the experts for guidance; if there's really no way, I'll just have to format the whole disk. Newbies and people who pretend to know, please don't reply. Thanks.


Reply: Hit by a stubborn virus! Can't paste, can't open second-level web pages

Please follow these steps:

Before scanning for the log, close unneeded processes,

such as QQ, Thunder and media player programs.

Download SReng from the official site.
Download address:

http://www.kztechs.com/sreng/download.html

SREng / Smart Scan

Wait for the scan to finish, then save the log (LOG format).

If the main program SREng**.exe cannot run, so that no log can be produced,

rename the program to 123.com/123.bat/123.exe and it will work.

For how to produce a scan log with the SREng tool, see post #2 in this thread:

http://bbs.ikaka.com/showtopic-8442813.aspx

Upload the log as an attachment.

(Click "Quote" at the bottom right of my reply and you should then see how to post with an attachment.
Post it in the anti-virus section; since you have already posted, reply in this thread and do not open a new one.)

Reply: Hit by a stubborn virus! Can't paste, can't open second-level web pages

Download Rising Stethoscope (瑞星听诊器)
Download address: http://download.rising.com.cn/for_down/RsDetect.exe
After running the scan it generates a file named "瑞星听诊信息.htm"; compress it and submit it to Rising for analysis:
Submission address: http://up.rising.com.cn/webmail/othernew.htm
Describe the specific situation when you submit it.

Reply: Hit by a stubborn virus! Can't paste, can't open second-level web pages

Please extract the sss.exe virus, pack it and upload it,
and go here
http://bbs.ikaka.com/showtopic-8536393.aspx
to download SREng and post a scan log.

Reply: Hit by a stubborn virus! Can't paste, can't open second-level web pages



Quote:
Originally posted by 晕4 on 2008-10-10 20:35:00
Please follow these steps:

Before scanning for the log, close unneeded processes,

such as QQ, Thunder and media player programs.

Download SReng from the official site.
Download address:

http://www.kztechs.com/sreng/download.html

SREng / Smart Scan

Wait for the scan to finish


It seems I still can't upload attachments, so I've copied the diagnostic output below; please take a look. The strange thing is that on my computer I can't copy files or URLs, yet I can copy text into this post. Odd.

=========================================================================

2008-10-10,21:09:36

System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><nwiz.exe /install>  []
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <PPHIDPAD><C:\WINPENJR\Win32\pphidpad.exe>  []
    <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <ak360Kill><"C:\Documents and Settings\Administrator\桌面\SuperKiller.exe" -check>  [(Verified)Qizhi Software (beijing) Co. Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\UserInit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{2CB77746-8ECC-40ca-8217-10CA8BE5EFC8}><C:\WINDOWS\system32\zcnshlvc.dll>  [File is missing]
    <{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}><C:\WINDOWS\system32\acrlcnab.dll>  [File is missing]
    <{D3112B69-A745-4805-874E-ABD480EA1299}><C:\WINDOWS\system32\brrdcxnq.dll>  [File is missing]
    <{4BF9CBA3-8DEE-41A1-8BDB-FC28D30E949F}><4BF9CBA3.dll>  [N/A]
    <{F0930A2F-D971-4828-8209-B7DFD266ED44}><C:\WINDOWS\system32\vmvgjrxv.dll>  [File is missing]
    <{EBE50EA1-89C8-463A-998A-69A05ECD2D26}><EBE50EA1.dll>  [N/A]
    <{8566F82E-03A4-416E-AEAC-66600D8881F1}><8566F82E.dll>  [N/A]
    <{495271CA-D0C6-4052-ABE6-5B01C73CDFB0}><495271CA.dll>  [N/A]
    <{A2C3BA54-DF75-4881-8EB3-E54B26BBBBC9}><C:\WINDOWS\system32\rloqmlxz.dll>  [File is missing]
    <{9CA963CA-107C-4089-B0AB-31380F90D7E3}><9CA963CA.dll>  [N/A]
    <{E4814792-EFA3-4C20-93D0-8B130A59F9A8}><E4814792.dll>  [N/A]
    <{DA56B183-A731-402b-9235-2CB8803E212D}><C:\WINDOWS\system32\monizkfo.dll>  [File is missing]
    <{434FA69C-5F0A-42e1-82B8-10AF2C8E53C6}><C:\WINDOWS\system32\dnugxxbj.dll>  [File is missing]
    <{BB4E3499-0132-4d3f-849A-2BE1B26D84E1}><C:\WINDOWS\system32\alowzktq.dll>  [File is missing]
    <{7ADC2AB1-5C6A-4178-82DA-94863354AF7C}><7ADC2AB1.dll>  [N/A]
    <{D1CC9DC6-F0BC-40fc-9552-E497B05E05B8}><C:\WINDOWS\system32\eptinkox.dll>  [File is missing]
    <{76D44356-B494-443a-BEDC-AA68DE4255E6}><C:\WINDOWS\system32\mgvwejqq.dll>  [File is missing]
    <{432BDC7C-DE5B-43f4-AA81-E7F8AFB0182D}><C:\WINDOWS\system32\gxzftjqi.dll>  [File is missing]
    <{F0C9FBC2-6FA2-479d-B65D-F9D65C613ECC}><C:\WINDOWS\system32\gbxzjvvq.dll>  [File is missing]
    <{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}><C:\WINDOWS\system32\rjlrgxed.dll>  [File is missing]
    <{65056902-6E7B-4bd7-95BA-688DB5FA5BEB}><C:\WINDOWS\system32\bzcpfijx.dll>  [File is missing]
    <{1B1D8534-8B2E-4DF0-B92B-C878E4DB0F0B}><1B1D8534.dll>  [N/A]
    <{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}><08223B03.dll>  [N/A]
    <{EA4D8F95-8F2E-4658-A234-E8F4C9AC21C5}><C:\WINDOWS\system32\rldfbibs.dll>  [File is missing]
    <{B3721C07-62B3-411A-9DC7-F5F27E3E21FF}><B3721C07.dll>  [N/A]
    <{3474A8C2-BEF9-46C8-983A-A26A0030EC30}><3474A8C2.dll>  [N/A]
    <{4EFDDEBE-303C-4D1A-8C9E-E4F215C43651}><4EFDDEBE.dll>  [N/A]
    <{D91BC61E-7D78-4A2A-A336-7B97E8E52F0B}><D91BC61E.dll>  [N/A]
    <{F6A454AE-156A-415E-9F89-3795677A8A91}><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
    <vhuhzmwi.dll><C:\WINDOWS\system32\zcnshlvc.dll>  [File is missing]
    <nkhehwbg.dll><C:\WINDOWS\system32\acrlcnab.dll>  [File is missing]
    <egujxgoe.dll><C:\WINDOWS\system32\brrdcxnq.dll>  [File is missing]
    <beplcvam.dll><C:\WINDOWS\system32\vmvgjrxv.dll>  [File is missing]
    <nqgrgxmu.dll><C:\WINDOWS\system32\rloqmlxz.dll>  [File is missing]
    <pckicqbu.dll><C:\WINDOWS\system32\monizkfo.dll>  [File is missing]
    <mrekgfmd.dll><C:\WINDOWS\system32\dnugxxbj.dll>  [File is missing]
    <zhmzzalf.dll><C:\WINDOWS\system32\zcnshlvc.dll>  [File is missing]
    <nzfrxjxs.dll><C:\WINDOWS\system32\acrlcnab.dll>  [File is missing]
    <fdsonukq.dll><C:\WINDOWS\system32\brrdcxnq.dll>  [File is missing]
    <zikkzplg.dll><C:\WINDOWS\system32\vmvgjrxv.dll>  [File is missing]
    <aflaipnp.dll><C:\WINDOWS\system32\rloqmlxz.dll>  [File is missing]
    <monizkfo.dll><C:\WINDOWS\system32\monizkfo.dll>  [File is missing]
    <keajezqw.dll><C:\WINDOWS\system32\dnugxxbj.dll>  [File is missing]
    <sfshwher.dll><C:\WINDOWS\system32\alowzktq.dll>  [File is missing]
    <tusxgpfs.dll><C:\WINDOWS\system32\zcnshlvc.dll>  [File is missing]
    <bdsjdcvm.dll><C:\WINDOWS\system32\acrlcnab.dll>  [File is missing]
    <pwlbblqr.dll><C:\WINDOWS\system32\brrdcxnq.dll>  [File is missing]
    <jkefmzjp.dll><C:\WINDOWS\system32\vmvgjrxv.dll>  [File is missing]
    <eptinkox.dll><C:\WINDOWS\system32\eptinkox.dll>  [File is missing]
    <ojytgalb.dll><C:\WINDOWS\system32\rloqmlxz.dll>  [File is missing]
    <mwedxhba.dll><C:\WINDOWS\system32\mgvwejqq.dll>  [File is missing]
    <wpkoqfym.dll><C:\WINDOWS\system32\gxzftjqi.dll>  [File is missing]
    <gbxzjvvq.dll><C:\WINDOWS\system32\gbxzjvvq.dll>  [File is missing]
    <qvkkbtzb.dll><C:\WINDOWS\system32\dnugxxbj.dll>  [File is missing]
    <hluxdavb.dll><C:\WINDOWS\system32\vmvgjrxv.dll>  [File is missing]
    <oufcdpzu.dll><C:\WINDOWS\system32\acrlcnab.dll>  [File is missing]
    <lvdqkqsw.dll><C:\WINDOWS\system32\rjlrgxed.dll>  [File is missing]
    <bjxddviy.dll><C:\WINDOWS\system32\vmvgjrxv.dll>  [File is missing]
    <rxkfbkhn.dll><C:\WINDOWS\system32\acrlcnab.dll>  [File is missing]
    <vopzojjn.dll><C:\WINDOWS\system32\vmvgjrxv.dll>  [File is missing]
    <pjtcdumt.dll><C:\WINDOWS\system32\acrlcnab.dll>  [File is missing]
    <tpqojhip.dll><C:\WINDOWS\system32\acrlcnab.dll>  [File is missing]
    <djdzceet.dll><C:\WINDOWS\system32\acrlcnab.dll>  [File is missing]
    <rjlrgxed.dll><C:\WINDOWS\system32\rjlrgxed.dll>  [File is missing]
    <acrlcnab.dll><C:\WINDOWS\system32\acrlcnab.dll>  [File is missing]
    <wyyiclts.dll><C:\WINDOWS\system32\alowzktq.dll>  [File is missing]
    <pocrrdtk.dll><C:\WINDOWS\system32\zcnshlvc.dll>  [File is missing]
    <aptjeyze.dll><C:\WINDOWS\system32\bzcpfijx.dll>  [File is missing]
    <dhycrxbe.dll><C:\WINDOWS\system32\brrdcxnq.dll>  [File is missing]
    <kjguxwwq.dll><C:\WINDOWS\system32\vmvgjrxv.dll>  [File is missing]
    <npaahrzo.dll><C:\WINDOWS\system32\rloqmlxz.dll>  [File is missing]
    <rhgmvhbo.dll><C:\WINDOWS\system32\rldfbibs.dll>  [File is missing]
    <uoxnkdnx.dll><C:\WINDOWS\system32\mgvwejqq.dll>  [File is missing]
    <kyjvjhbg.dll><C:\WINDOWS\system32\gxzftjqi.dll>  [File is missing]
    <lnvcmflo.dll><C:\WINDOWS\system32\dnugxxbj.dll>  [File is missing]
    <lvibfjlc.dll><C:\WINDOWS\system32\alowzktq.dll>  [File is missing]
    <gnxfgnby.dll><C:\WINDOWS\system32\zcnshlvc.dll>  [File is missing]
    <lqsuzqgg.dll><C:\WINDOWS\system32\bzcpfijx.dll>  [File is missing]
    <jgndeezg.dll><C:\WINDOWS\system32\brrdcxnq.dll>  [File is missing]
    <nqwxluwk.dll><C:\WINDOWS\system32\vmvgjrxv.dll>  [File is missing]
    <ydndqwbz.dll><C:\WINDOWS\system32\rloqmlxz.dll>  [File is missing]
    <sqnzcscp.dll><C:\WINDOWS\system32\rldfbibs.dll>  [File is missing]
    <jtaesuhn.dll><C:\WINDOWS\system32\mgvwejqq.dll>  [File is missing]
    <ufgplsdz.dll><C:\WINDOWS\system32\gxzftjqi.dll>  [File is missing]
    <osylxoeo.dll><C:\WINDOWS\system32\dnugxxbj.dll>  [File is missing]
    <zochtzri.dll><C:\WINDOWS\system32\alowzktq.dll>  [File is missing]
    <eowcvasc.dll><C:\WINDOWS\system32\zcnshlvc.dll>  [File is missing]
    <pfcdpyyq.dll><C:\WINDOWS\system32\bzcpfijx.dll>  [File is missing]
    <muxftusq.dll><C:\WINDOWS\system32\brrdcxnq.dll>  [File is missing]
    <nvmtqkwj.dll><C:\WINDOWS\system32\vmvgjrxv.dll>  [File is missing]
    <alowzktq.dll><C:\WINDOWS\system32\alowzktq.dll>  [File is missing]
    <zcnshlvc.dll><C:\WINDOWS\system32\zcnshlvc.dll>  [File is missing]
    <bzcpfijx.dll><C:\WINDOWS\system32\bzcpfijx.dll>  [File is missing]
    <brrdcxnq.dll><C:\WINDOWS\system32\brrdcxnq.dll>  [File is missing]
    <vmvgjrxv.dll><C:\WINDOWS\system32\vmvgjrxv.dll>  [File is missing]
    <rloqmlxz.dll><C:\WINDOWS\system32\rloqmlxz.dll>  [File is missing]
    <rldfbibs.dll><C:\WINDOWS\system32\rldfbibs.dll>  [File is missing]
    <mgvwejqq.dll><C:\WINDOWS\system32\mgvwejqq.dll>  [File is missing]
    <gxzftjqi.dll><C:\WINDOWS\system32\gxzftjqi.dll>  [File is missing]
    <dnugxxbj.dll><C:\WINDOWS\system32\dnugxxbj.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]

==================================
启动文件夹
N/A

==================================
服务
[DCOM Server Process Launcher / DcomLaunch][Stopped/Auto Start]
  <C:\WINDOWS\system32\svchost -k DcomLaunch-->%SystemRoot%\system32\rpcss.dll><N/A>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
  <"C:\KAV2007\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
  <C:\KAV2007\KWatch.EXE><Kingsoft Corporation>
[LexBce Server / LexBceS][Stopped/Auto Start]
  <C:\WINDOWS\system32\LEXBCES.EXE><Lexmark International, Inc.>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Remote Procedure Call (RPC) / RpcSs][Stopped/Auto Start]
  <C:\WINDOWS\system32\svchost -k rpcss-->c:\windows\system32\rpcss.dll><N/A>

==================================
驱动程序
[000fa668 / 000fa668][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\000fa668.sys><N/A>
[4c70249 / 4c70249][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\4c70249.sys><N/A>
[8882fa1 / 8882fa1][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\8882fa1.sys><N/A>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[d4f876 / d4f876][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\d4f876.sys><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HBKernel32 Driver / HBKernel32][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\HBKernel32.sys><N/A>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[KNetWch / KNetWch][Running/System Start]
  <\??\C:\KAV2007\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[msIffei / msIffei][Stopped/Manual Start]
  <System32\Drivers\msIffei.sys><N/A>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\C:\Program Files\QQ2006\npkcrypt.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[ppmoucls / ppmoucls][Running/System Start]
  <System32\DRIVERS\ppmoucls.sys><Windows (R) 2000 DDK provider>
[PenPower Touchpad / pptchpad][Running/System Start]
  <System32\DRIVERS\pptchpd5.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[TSKSP / TSKSP][Stopped/Manual Start]
  <\??\D:\QQ\QQDoctor\TSKSP.sys><Tencent>
[TorjanFW / TorjanFW][Running/Manual Start]
  <2 - 系统找不到指定的文件。
><N/A>
[000a2da6 / 000a2da6][Running/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\000a2da6.sys><N/A>

==================================
浏览器加载项
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <, >
[Download_Bho Class]
  {A986E409-30CC-4185-89BB-AB212C104524} <C:\Program Files\PPLiveVA\DownloaderManager.dll, (Signed) >
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, (Signed) Google Inc.>
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, (Signed) Google Inc.>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[Zcom 杂志]
  {4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>
[PPLive]
  {95B3F550-91C4-4627-BCC4-521288C52977} <C:\Program Files\PPLive\PPLive.exe, (Signed) N/A>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, (Signed) Google Inc.>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, (Signed) >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, (Signed) Adobe Systems, Inc.>
[LocalLauncher Class]
  {E22BFF56-39F3-11D8-A0C7-000C6E7BB5AB} <C:\WINDOWS\system\BrowserEph.dll, >
[Google Script Object]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, (Signed) Google Inc.>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, (Signed) Google Inc.>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <, >
[]
  {4045D313-1D5E-4FE4-93A0-A34630B6A00B} <, >
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[]
  {589E405E-6C09-4341-862A-FFFEBD5C3C8C} <, >
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, (Signed) 360.cn>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <, >
[]
  {95B3F550-91C4-4627-BCC4-521288C52977} <, >
[Download_Bho Class]
  {A986E409-30CC-4185-89BB-AB212C104524} <C:\Program Files\PPLiveVA\DownloaderManager.dll, (Signed) >
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, (Signed) Google Inc.>
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, (Signed) Google Inc.>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, (Signed) Adobe Systems, Inc.>
[]
  {D6E814A0-E0C5-11D4-8D29-0050BA6940E3} <, >
[]
  {F156768E-81EF-470C-9057-481BA8380DBA} <, >
[]
  {F6A454AE-156A-415E-9F89-3795677A8A91} <, >
[InfoCheck Class]
  {F91BA567-79B9-467E-BC97-5DBA01BBC5EE} <C:\Program Files\Alisoft\Alitalk\Ali_Check.dll, (Signed) >
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[InstallCheck Class]
  {FFB8C97E-39D4-4E8A-9FE4-B451A0D6CA65} <C:\Program Files\Alisoft\Alitalk\Ali_Check.dll, (Signed) >
[使用UUSee下载]
  <C:\Program Files\uusee\geturltodown.htm, N/A>
[使用UUSee加速播放]
  <C:\Program Files\uusee\geturltoplay.htm, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder\Program\geturl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <D:\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 440][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 500][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 524][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 568][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 580][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 780][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 884][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 912][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 952][C:\KAV2007\KWatch.EXE]  [Kingsoft Corporation, 2005, 9, 27, 51]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2006, 8, 29, 60]
[PID: 1120][C:\KAV2007\KPfwSvc.EXE]  [Kingsoft Corporation, 2005, 9, 5, 28]
[PID: 1136][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.9136]
[PID: 1420][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Common Files\Adobe\Shell\PSICON.DLL]  [Adobe Systems, Incorporated, 7.0]
    [C:\KAV2007\KAVEXT.DLL]  [Kingsoft Corporation, 2005, 8, 5, 16]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\MFPlat.DLL]  [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    [C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\system32\wpdshext.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\icm32.dll]  [Microsoft Corporation, 5.1.2600.2709 (xpsp_sp2_gdr.050628-1518)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 1456][C:\WINDOWS\system32\taskmgr.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1520][C:\WINPENJR\win32\pphidpad.exe]  [N/A, ]
[PID: 1548][C:\WINDOWS\system32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NvMcTray.dll]  [NVIDIA Corporation, 6.14.10.9136]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.9136]
[PID: 1636][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1532][C:\Documents and Settings\Administrator\桌面\SuperKiller.exe]  [, 2, 5, 1, 2]
    [C:\Program Files\360safe\antispy.dll]  [奇虎网, 4, 2, 0, 1006]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Newkernel32.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fixfinal2.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NewAdvapi32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Documents and Settings\Administrator\桌面\xavengine.dll]  [360.cn, 1, 0, 0, 1006]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AntiRk.dll]  [奇虎网, 3, 6, 4, 1001]
[PID: 2016][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1292][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [c:\program files\google\googletoolbar2.dll]  [Google Inc., 4, 0, 1606, 6690]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\Program Files\PPLiveVA\DownloaderManager.dll]  [, 1.0.0.5]
    [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll]  [Google Inc., 2, 0, 301, 7164]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\KAV2007\KAScript.DLL]  [Kingsoft Corporation, 2006, 12, 11, 72]
    [C:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2006, 8, 29, 60]
[PID: 1284][D:\SREngLdr.EXE]  [Smallfrogs Studio, 2.6.12.1018]
[PID: 1276][D:\SRE9b4eb966.EXE]  [Smallfrogs Studio, 2.6.12.1018]
    [D:\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL]  [Microsoft Corporation, 11.0.8164]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1520, C:\WINPENJR\WIN32\PPHIDPAD.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1284, D:\SRENGLDR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================



Reply: Encountered a stubborn virus! Cannot paste, cannot open second-level web pages



Quote:
Originally posted by 叶陵君 on 2008-10-10 21:10:00
Please extract the sss.exe virus, pack it and upload it,
and also go
here http://bbs.ikaka.com/showtopic-8536393.aspx
to download SREng, run a scan and post the log.



4L bro, the diagnostic is above, I have posted it.
I was just about to pack sss.exe into an archive, but the system said:
"Cannot open"
"Access denied"

Reply: Encountered a stubborn virus! Cannot paste, cannot open second-level web pages

Go into Safe Mode and compress it there.

Reply: Encountered a stubborn virus! Cannot paste, cannot open second-level web pages

Run the program inside the archive.

Attachment: 清除.rar (2008-10-10 21:41:41, 837.26 K)
This attachment has been downloaded 266 times



If you don't know how to operate it, you can refer to
this link: http://bbs.ikaka.com/showtopic-8554006.aspx

Reply: Encountered a stubborn virus! Cannot paste, cannot open second-level web pages

Go into the registry and delete the following values:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

    <{2CB77746-8ECC-40ca-8217-10CA8BE5EFC8}><C:\WINDOWS\system32\zcnshlvc.dll>  [File is missing]
    <{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}><C:\WINDOWS\system32\acrlcnab.dll>  [File is missing]
    <{D3112B69-A745-4805-874E-ABD480EA1299}><C:\WINDOWS\system32\brrdcxnq.dll>  [File is missing]
    <{4BF9CBA3-8DEE-41A1-8BDB-FC28D30E949F}><4BF9CBA3.dll>  [N/A]
    <{F0930A2F-D971-4828-8209-B7DFD266ED44}><C:\WINDOWS\system32\vmvgjrxv.dll>  [File is missing]
    <{EBE50EA1-89C8-463A-998A-69A05ECD2D26}><EBE50EA1.dll>  [N/A]
    <{8566F82E-03A4-416E-AEAC-66600D8881F1}><8566F82E.dll>  [N/A]
    <{495271CA-D0C6-4052-ABE6-5B01C73CDFB0}><495271CA.dll>  [N/A]
    <{A2C3BA54-DF75-4881-8EB3-E54B26BBBBC9}><C:\WINDOWS\system32\rloqmlxz.dll>  [File is missing]
    <{9CA963CA-107C-4089-B0AB-31380F90D7E3}><9CA963CA.dll>  [N/A]
    <{E4814792-EFA3-4C20-93D0-8B130A59F9A8}><E4814792.dll>  [N/A]
    <{DA56B183-A731-402b-9235-2CB8803E212D}><C:\WINDOWS\system32\monizkfo.dll>  [File is missing]
    <{434FA69C-5F0A-42e1-82B8-10AF2C8E53C6}><C:\WINDOWS\system32\dnugxxbj.dll>  [File is missing]
    <{BB4E3499-0132-4d3f-849A-2BE1B26D84E1}><C:\WINDOWS\system32\alowzktq.dll>  [File is missing]
    <{7ADC2AB1-5C6A-4178-82DA-94863354AF7C}><7ADC2AB1.dll>  [N/A]
    <{D1CC9DC6-F0BC-40fc-9552-E497B05E05B8}><C:\WINDOWS\system32\eptinkox.dll>  [File is missing]
    <{76D44356-B494-443a-BEDC-AA68DE4255E6}><C:\WINDOWS\system32\mgvwejqq.dll>  [File is missing]
    <{432BDC7C-DE5B-43f4-AA81-E7F8AFB0182D}><C:\WINDOWS\system32\gxzftjqi.dll>  [File is missing]
    <{F0C9FBC2-6FA2-479d-B65D-F9D65C613ECC}><C:\WINDOWS\system32\gbxzjvvq.dll>  [File is missing]
    <{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}><C:\WINDOWS\system32\rjlrgxed.dll>  [File is missing]
    <{65056902-6E7B-4bd7-95BA-688DB5FA5BEB}><C:\WINDOWS\system32\bzcpfijx.dll>  [File is missing]
    <{1B1D8534-8B2E-4DF0-B92B-C878E4DB0F0B}><1B1D8534.dll>  [N/A]
    <{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}><08223B03.dll>  [N/A]
    <{EA4D8F95-8F2E-4658-A234-E8F4C9AC21C5}><C:\WINDOWS\system32\rldfbibs.dll>  [File is missing]
    <{B3721C07-62B3-411A-9DC7-F5F27E3E21FF}><B3721C07.dll>  [N/A]
    <{3474A8C2-BEF9-46C8-983A-A26A0030EC30}><3474A8C2.dll>  [N/A]
    <{4EFDDEBE-303C-4D1A-8C9E-E4F215C43651}><4EFDDEBE.dll>  [N/A]
    <{D91BC61E-7D78-4A2A-A336-7B97E8E52F0B}><D91BC61E.dll>  [N/A]
    <{F6A454AE-156A-415E-9F89-3795677A8A91}><>  [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

    <vhuhzmwi.dll><C:\WINDOWS\system32\zcnshlvc.dll>  [File is missing]
    <nkhehwbg.dll><C:\WINDOWS\system32\acrlcnab.dll>  [File is missing]
    <egujxgoe.dll><C:\WINDOWS\system32\brrdcxnq.dll>  [File is missing]
    <beplcvam.dll><C:\WINDOWS\system32\vmvgjrxv.dll>  [File is missing]
    <nqgrgxmu.dll><C:\WINDOWS\system32\rloqmlxz.dll>  [File is missing]
    <pckicqbu.dll><C:\WINDOWS\system32\monizkfo.dll>  [File is missing]
    <mrekgfmd.dll><C:\WINDOWS\system32\dnugxxbj.dll>  [File is missing]
    <zhmzzalf.dll><C:\WINDOWS\system32\zcnshlvc.dll>  [File is missing]
    <nzfrxjxs.dll><C:\WINDOWS\system32\acrlcnab.dll>  [File is missing]
    <fdsonukq.dll><C:\WINDOWS\system32\brrdcxnq.dll>  [File is missing]
    <zikkzplg.dll><C:\WINDOWS\system32\vmvgjrxv.dll>  [File is missing]
    <aflaipnp.dll><C:\WINDOWS\system32\rloqmlxz.dll>  [File is missing]
    <monizkfo.dll><C:\WINDOWS\system32\monizkfo.dll>  [File is missing]
    <keajezqw.dll><C:\WINDOWS\system32\dnugxxbj.dll>  [File is missing]
    <sfshwher.dll><C:\WINDOWS\system32\alowzktq.dll>  [File is missing]
    <tusxgpfs.dll><C:\WINDOWS\system32\zcnshlvc.dll>  [File is missing]
    <bdsjdcvm.dll><C:\WINDOWS\system32\acrlcnab.dll>  [File is missing]
    <pwlbblqr.dll><C:\WINDOWS\system32\brrdcxnq.dll>  [File is missing]
    <jkefmzjp.dll><C:\WINDOWS\system32\vmvgjrxv.dll>  [File is missing]
    <eptinkox.dll><C:\WINDOWS\system32\eptinkox.dll>  [File is missing]
    <ojytgalb.dll><C:\WINDOWS\system32\rloqmlxz.dll>  [File is missing]
    <mwedxhba.dll><C:\WINDOWS\system32\mgvwejqq.dll>  [File is missing]
    <wpkoqfym.dll><C:\WINDOWS\system32\gxzftjqi.dll>  [File is missing]
    <gbxzjvvq.dll><C:\WINDOWS\system32\gbxzjvvq.dll>  [File is missing]
    <qvkkbtzb.dll><C:\WINDOWS\system32\dnugxxbj.dll>  [File is missing]
    <hluxdavb.dll><C:\WINDOWS\system32\vmvgjrxv.dll>  [File is missing]
    <oufcdpzu.dll><C:\WINDOWS\system32\acrlcnab.dll>  [File is missing]
    <lvdqkqsw.dll><C:\WINDOWS\system32\rjlrgxed.dll>  [File is missing]
    <bjxddviy.dll><C:\WINDOWS\system32\vmvgjrxv.dll>  [File is missing]
    <rxkfbkhn.dll><C:\WINDOWS\system32\acrlcnab.dll>  [File is missing]
    <vopzojjn.dll><C:\WINDOWS\system32\vmvgjrxv.dll>  [File is missing]
    <pjtcdumt.dll><C:\WINDOWS\system32\acrlcnab.dll>  [File is missing]
    <tpqojhip.dll><C:\WINDOWS\system32\acrlcnab.dll>  [File is missing]
    <djdzceet.dll><C:\WINDOWS\system32\acrlcnab.dll>  [File is missing]
    <rjlrgxed.dll><C:\WINDOWS\system32\rjlrgxed.dll>  [File is missing]
    <acrlcnab.dll><C:\WINDOWS\system32\acrlcnab.dll>  [File is missing]
    <wyyiclts.dll><C:\WINDOWS\system32\alowzktq.dll>  [File is missing]
    <pocrrdtk.dll><C:\WINDOWS\system32\zcnshlvc.dll>  [File is missing]
    <aptjeyze.dll><C:\WINDOWS\system32\bzcpfijx.dll>  [File is missing]
    <dhycrxbe.dll><C:\WINDOWS\system32\brrdcxnq.dll>  [File is missing]
    <kjguxwwq.dll><C:\WINDOWS\system32\vmvgjrxv.dll>  [File is missing]
    <npaahrzo.dll><C:\WINDOWS\system32\rloqmlxz.dll>  [File is missing]
    <rhgmvhbo.dll><C:\WINDOWS\system32\rldfbibs.dll>  [File is missing]
    <uoxnkdnx.dll><C:\WINDOWS\system32\mgvwejqq.dll>  [File is missing]
    <kyjvjhbg.dll><C:\WINDOWS\system32\gxzftjqi.dll>  [File is missing]
    <lnvcmflo.dll><C:\WINDOWS\system32\dnugxxbj.dll>  [File is missing]
    <lvibfjlc.dll><C:\WINDOWS\system32\alowzktq.dll>  [File is missing]
    <gnxfgnby.dll><C:\WINDOWS\system32\zcnshlvc.dll>  [File is missing]
    <lqsuzqgg.dll><C:\WINDOWS\system32\bzcpfijx.dll>  [File is missing]
    <jgndeezg.dll><C:\WINDOWS\system32\brrdcxnq.dll>  [File is missing]
    <nqwxluwk.dll><C:\WINDOWS\system32\vmvgjrxv.dll>  [File is missing]
    <ydndqwbz.dll><C:\WINDOWS\system32\rloqmlxz.dll>  [File is missing]
    <sqnzcscp.dll><C:\WINDOWS\system32\rldfbibs.dll>  [File is missing]
    <jtaesuhn.dll><C:\WINDOWS\system32\mgvwejqq.dll>  [File is missing]
    <ufgplsdz.dll><C:\WINDOWS\system32\gxzftjqi.dll>  [File is missing]
    <osylxoeo.dll><C:\WINDOWS\system32\dnugxxbj.dll>  [File is missing]
    <zochtzri.dll><C:\WINDOWS\system32\alowzktq.dll>  [File is missing]
    <eowcvasc.dll><C:\WINDOWS\system32\zcnshlvc.dll>  [File is missing]
    <pfcdpyyq.dll><C:\WINDOWS\system32\bzcpfijx.dll>  [File is missing]
    <muxftusq.dll><C:\WINDOWS\system32\brrdcxnq.dll>  [File is missing]
    <nvmtqkwj.dll><C:\WINDOWS\system32\vmvgjrxv.dll>  [File is missing]
    <alowzktq.dll><C:\WINDOWS\system32\alowzktq.dll>  [File is missing]
    <zcnshlvc.dll><C:\WINDOWS\system32\zcnshlvc.dll>  [File is missing]
    <bzcpfijx.dll><C:\WINDOWS\system32\bzcpfijx.dll>  [File is missing]
    <brrdcxnq.dll><C:\WINDOWS\system32\brrdcxnq.dll>  [File is missing]
    <vmvgjrxv.dll><C:\WINDOWS\system32\vmvgjrxv.dll>  [File is missing]
    <rloqmlxz.dll><C:\WINDOWS\system32\rloqmlxz.dll>  [File is missing]
    <rldfbibs.dll><C:\WINDOWS\system32\rldfbibs.dll>  [File is missing]
    <mgvwejqq.dll><C:\WINDOWS\system32\mgvwejqq.dll>  [File is missing]
    <gxzftjqi.dll><C:\WINDOWS\system32\gxzftjqi.dll>  [File is missing]
    <dnugxxbj.dll><C:\WINDOWS\system32\dnugxxbj.dll>  [File is missing]


Go into SReng and delete the following drivers:
[000fa668 / 000fa668][Stopped/Manual Start]

[4c70249 / 4c70249][Stopped/Manual Start]

[8882fa1 / 8882fa1][Stopped/Manual Start]

[d4f876 / d4f876][Stopped/Manual Start]

[TorjanFW / TorjanFW][Running/Manual Start]


[000a2da6 / 000a2da6][Running/Manual Start]

Use XDELBOX to delete the following files.
Tick "suppress regeneration" (抑压再生), then right-click and choose "import from clipboard without checking paths":
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fixfinal2.dll
C:\WINDOWS\system32\4BF9CBA3.dll
C:\WINDOWS\system32\EBE50EA1.dll
C:\WINDOWS\system32\8566F82E.dll
C:\WINDOWS\system32\495271CA.dll
C:\WINDOWS\system32\9CA963CA.dll
C:\WINDOWS\system32\E4814792.dll
C:\WINDOWS\system32\7ADC2AB1.dll
C:\WINDOWS\system32\1B1D8534.dll
C:\WINDOWS\system32\08223B03.dll
C:\WINDOWS\system32\B3721C07.dll
C:\WINDOWS\system32\3474A8C2.dll
C:\WINDOWS\system32\4EFDDEBE.dll
C:\WINDOWS\system32\D91BC61E.dll
C:\WINDOWS\system32\Drivers\000fa668.sys
C:\WINDOWS\system32\4c70249.sys
C:\WINDOWS\system32\8882fa1.sys
C:\WINDOWS\system32\d4f876.sys
C:\WINDOWS\system32\Drivers\000a2da6.sys


In SReng: host -> Reset -> Save

Judge for yourself whether this
C:\WINPENJR\WIN32\PPHIDPAD.EXE
is something you installed.

SReng is installed in the wrong place;
it should be installed under the C:\windows directory.
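As an added example (not code from any poster in this thread), a small Python triage script that parses entries in the SREng log layout shown above (`<name><path>  [status]` lines under an `[HKEY_...]` header) and flags the persistence entries a responder should review before deleting them. The sample log is constructed in that layout; the shell32.dll line is a made-up benign stand-in, not taken from the posted log.

```python
import re

# One SREng registry entry, in the shape seen in the pasted log:
#   <{CLSID}><C:\WINDOWS\system32\name.dll>  [File is missing]
ENTRY_RE = re.compile(r"^\s*<(?P<name>[^>]*)><(?P<path>[^>]*)>\s*\[(?P<status>[^\]]*)\]\s*$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]\s*$")

# Constructed sample in the layout of the ShellExecuteHooks / SSODL sections; shell32 line is a benign stand-in.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><C:\\WINDOWS\\system32\\shell32.dll>  [(Verified)Microsoft Windows Publisher]
    <{2CB77746-8ECC-40ca-8217-10CA8BE5EFC8}><C:\\WINDOWS\\system32\\zcnshlvc.dll>  [File is missing]
    <{4BF9CBA3-8DEE-41A1-8BDB-FC28D30E949F}><4BF9CBA3.dll>  [N/A]
    <{F6A454AE-156A-415E-9F89-3795677A8A91}><>  [N/A]
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad]
    <vhuhzmwi.dll><C:\\WINDOWS\\system32\\zcnshlvc.dll>  [File is missing]
"""


def parse_entries(log_text):
    """Return (key, value_name, path, status) tuples; the registry key is
    taken from the [HKEY_...] header that precedes each block of entries."""
    entries, key = [], None
    for line in log_text.splitlines():
        k = KEY_RE.match(line)
        if k:
            key = k.group("key")
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            entries.append((key, m.group("name"), m.group("path"), m.group("status")))
    return entries


def triage(entries):
    """Flag persistence entries a responder should review: the target file is
    gone, the target is empty, or it is a bare name resolved by search order."""
    flagged = []
    for key, name, path, status in entries:
        reasons = []
        if status == "File is missing":
            reasons.append("target file missing")
        if not path:
            reasons.append("empty target")
        elif "\\" not in path:
            reasons.append("bare file name, resolved via DLL search order")
        if reasons:
            flagged.append({"key": key, "value": name, "path": path, "reasons": reasons})
    return flagged
```

Calling `triage(parse_entries(SAMPLE_LOG))` returns four dicts, one per suspicious value, each naming the registry key it lives under so the value can be matched against the deletion list above; the signed shell32.dll hook is left alone.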

Reply: Encountered a stubborn virus! Cannot paste, cannot open second-level web pages

When I run into problems like this, my usual approach is to restore the system. After all, antivirus software is not all-powerful.
Powered by Discuz!NT